From b64c4107c83af6c32f5707218190a3e29be17ede Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Wed, 9 Jan 2008 18:01:05 +0000
Subject: Don't try to sort a chain with fewer than two links

svn path=/scripts/rpki/x509.py; revision=1457
---
 scripts/rpki/x509.py | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)

(limited to 'scripts/rpki/x509.py')

diff --git a/scripts/rpki/x509.py b/scripts/rpki/x509.py
index 93adf196..5617d356 100644
--- a/scripts/rpki/x509.py
+++ b/scripts/rpki/x509.py
@@ -346,22 +346,23 @@ class X509_chain(list):
 
     Various other routines want their certs presented in this order.
     """
-    bag = self[:]
-    issuer_names = [x.getIssuer() for x in bag]
-    subject_map = dict([(x.getSubject(), x) for x in bag])
-    chain = []
-    for subject in subject_map:
-      if subject not in issuer_names:
-        cert = subject_map[subject]
+    if len(self) > 1:
+      bag = self[:]
+      issuer_names = [x.getIssuer() for x in bag]
+      subject_map = dict([(x.getSubject(), x) for x in bag])
+      chain = []
+      for subject in subject_map:
+        if subject not in issuer_names:
+          cert = subject_map[subject]
+          chain.append(cert)
+          bag.remove(cert)
+      if len(chain) != 1:
+        raise rpki.exceptions.NotACertificateChain, "Certificates in bag don't form a proper chain"
+      while bag:
+        cert = subject_map[chain[-1].getIssuer()]
         chain.append(cert)
         bag.remove(cert)
-    if len(chain) != 1:
-      raise rpki.exceptions.NotACertificateChain, "Certificates in bag don't form a proper chain"
-    while bag:
-      cert = subject_map[chain[-1].getIssuer()]
-      chain.append(cert)
-      bag.remove(cert)
-    self[:] = chain
+      self[:] = chain
 
   def tlslite_certChain(self):
     """Return a certChain in the format tlslite likes."""
-- 
cgit v1.2.3