From dcd695561a24920ee7146c3c44af3d0791b7ed3d Mon Sep 17 00:00:00 2001
From: Alex Stuart <alex.stuart@jisc.ac.uk>
Date: Mon, 23 Sep 2019 10:51:20 +0100
Subject: [PATCH] Stop reporting certificate expiry for self-signed trust
 fabric certificates.

See ukf/ukf-meta#189
---
 utilities/check_embedded.pl | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/utilities/check_embedded.pl b/utilities/check_embedded.pl
index f630b871..eed5a4df 100755
--- a/utilities/check_embedded.pl
+++ b/utilities/check_embedded.pl
@@ -324,8 +324,9 @@ sub comment {
         #print "   text lines: $#lines\n";
 
         #
-        # Deal with certificate expiry.
+        # Deal with certificate expiry for CA-issued certificates.
         #
+        if ($issuer ne $subject) {
         if ($days < -$longExpiredDays) {
             my $d = floor(-$days);
             if (defined($expiry_whitelist{$fingerprint})) {
@@ -348,7 +349,7 @@ sub comment {
             $days = int($days);
             warning("expires in $days days ($notAfter)");
         }
-
+	}
 
         #
         # Handle public key size.