From 49c00512a7d6cbba810a3be13406d9921f1856d0 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Mon, 19 Dec 2022 16:23:03 -0600
Subject: [PATCH] hx509: Don't check if non-self-signed certs have a
 self-signing capable signature alg

We don't need the _hx509_self_signed_valid() check if the certificate is
not self-signed.
---
 lib/hx509/cert.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/hx509/cert.c b/lib/hx509/cert.c
index 3f612411e..e7e2423c5 100644
--- a/lib/hx509/cert.c
+++ b/lib/hx509/cert.c
@@ -1207,7 +1207,7 @@ certificate_is_self_signed(hx509_context context,
     if (ret) {
 	hx509_set_error_string(context, 0, ret,
 			       "Failed to check if self signed");
-    } else
+    } else if (diff == 0)
 	ret = _hx509_self_signed_valid(context, &cert->signatureAlgorithm);
 
     return ret;