From 38f466bdfe2db37e13deb415f21f1cb0fc2d2eb5 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Fri, 27 Dec 2019 17:48:34 +0100
Subject: [PATCH] Keep untrustedDepth = 0 for self signed certs

---
 src/internal.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index 163395cf9..7590e87b2 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -10151,7 +10151,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
                 #ifdef OPENSSL_EXTRA
                     /* Determine untrusted depth */
-                    if (!alreadySigner) {
+                    if (!alreadySigner && (!args->dCert ||
+                            !args->dCertInit || !args->dCert->selfSigned)) {
                         args->untrustedDepth = 1;
                     }
                 #endif