[empathy] Don't ignore the CA certificate if it's the only one in the	chain
- From: Cosimo Cecchi <cosimoc src gnome org>
- To: commits-list gnome org
- Cc: 
- Subject: [empathy] Don't ignore the CA certificate if it's the only one in the	chain
- Date: Mon,  4 Oct 2010 09:23:51 +0000 (UTC)
commit a63cc377a55674f8b9ff5870e1d5db211c43049a
Author: Cosimo Cecchi <cosimoc gnome org>
Date:   Mon Oct 4 11:13:22 2010 +0200
    Don't ignore the CA certificate if it's the only one in the chain
    
    This avoids auth-client crashes for servers which provide only a
    self-signed CA as TLS certificate on connect (#631095).
 libempathy/empathy-tls-verifier.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)
---
diff --git a/libempathy/empathy-tls-verifier.c b/libempathy/empathy-tls-verifier.c
index 517ae9e..13727db 100644
--- a/libempathy/empathy-tls-verifier.c
+++ b/libempathy/empathy-tls-verifier.c
@@ -260,10 +260,13 @@ real_start_verification (EmpathyTLSVerifier *self)
       /* if the last certificate is self-signed, and we have a list of
        * trusted CAs, ignore it, as we want to check the chain against our
        * trusted CAs list first.
+       * if we have only one certificate in the chain, don't ignore it though,
+       * as it's the CA certificate itself.
        */
       last_cert = g_ptr_array_index (priv->cert_chain, num_certs - 1);
 
-      if (gnutls_x509_crt_check_issuer (last_cert, last_cert) > 0)
+      if (gnutls_x509_crt_check_issuer (last_cert, last_cert) > 0 &&
+          num_certs > 1)
         num_certs--;
     }
 
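Review bot: The added `num_certs > 1` test runs only after `last_cert` has already been fetched at index `num_certs - 1`, so it does not protect the lookup itself. If `priv->cert_chain` can be empty at this point, that index is out of bounds; the hunk does not show whether real_start_verification, which starts and ends outside it, rejects an empty chain earlier. Testing the count first, e.g. `if (num_certs > 1) { last_cert = g_ptr_array_index (priv->cert_chain, num_certs - 1); ... }`, or failing verification on an empty chain before this block, would cover that case. The comment could also state that a lone self-signed certificate kept in the chain must still be matched against the trusted CA list rather than accepted because it verifies against itself. The verification call is not visible here, so that behaviour should be confirmed.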