From d3ed366edc15ae00e9c79e54f4e0894fa4fb0d98 Mon Sep 17 00:00:00 2001
From: Ian Young
Date: Fri, 30 Nov 2012 16:09:39 +0000
Subject: [PATCH] Recognise self-signed certificates rather than assuming everything is issued from some CA. It turns out that a number of members use self-signed browser-facing certificates on test entities.
---
 build/probe_nocerts.pl | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/build/probe_nocerts.pl b/build/probe_nocerts.pl
index c90d5b24..d2f4073b 100755
--- a/build/probe_nocerts.pl
+++ b/build/probe_nocerts.pl
@@ -67,7 +67,7 @@
 }
 #
- # Use openssl to convert the certificate to text
+ # Use openssl to convert the certificate to text
 #
 my(@lines, $issuer, $subjectCN, $issuerCN);
 $cmd = "openssl x509 -in $temp_der -inform der -noout -text -nameopt RFC2253 -modulus |";
@@ -77,16 +77,24 @@
 if (/^\s*Issuer:\s*(.*)$/) {
 $issuer = $1;
 #print "$hostPort: issuer is $issuer\n";
- $issuers{$issuer}{$loc} = 1;
- $numissued++;
- if ($issuer =~ /CN=([^,]+)/) {
- $issuerCN = $1;
- } else {
- $issuerCN = $issuer;
- }
 }
+ if (/^\s*Subject:\s*(.*)$/) {
+ $subject = $1;
+ }
+ }
+
+ if ($subject eq $issuer) {
+ $issuer = "(self signed certificate)";
 }
+ if ($issuer =~ /CN=([^,]+)/) {
+ $issuerCN = $1;
+ } else {
+ $issuerCN = $issuer;
+ }
+
+ $issuers{$issuer}{$loc} = 1;
+ $numissued++;
 }
 print "\n\n";
@@ -108,3 +116,8 @@
 print " $loc\n";
 }
 }
+
+#
+# Clean up
+#
+unlink $temp_der;
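Review bot: The bookkeeping `$issuers{$issuer}{$loc} = 1; $numissued++;` now runs after the read loop whether or not an `Issuer:` line was parsed, so unless an earlier check outside the hunk skips such endpoints, a probe whose openssl output was empty or unparsable is counted, and with both values undefined `$subject eq $issuer` is true and it is reported as "(self signed certificate)". `$subject` is also absent from the `my(@lines, $issuer, $subjectCN, $issuerCN);` list shown in the first hunk, so unless it is declared outside the visible lines it is a package global that keeps the previous endpoint's value. I would add `$subject` to that `my` list, compare with `if (defined $subject && defined $issuer && $subject eq $issuer) {`, and wrap the tail in `if (defined $issuer) { ... }`. Equal subject and issuer names only show the certificate is self-issued; the signature is not verified here, so a comment stating that the label is a name-match heuristic would help readers of the report. The enclosing loop starts and ends outside the hunk.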
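Review bot: The `unlink $temp_der;` added at the end of the file runs only when the script reaches its last statement, so an earlier `die` or an interrupted run leaves the DER file behind, and a failed unlink goes unreported. Moving it into `END { unlink $temp_der if defined $temp_der; }` and warning on failure (`or warn "unlink $temp_der: $!"`) would cover both cases. How `$temp_der` is created is not visible in this diff; if it is a fixed name in a shared directory, the core `File::Temp` module would provide a unique name and automatic removal.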