From 344a2611f2974f6ad0c1e5573f0470c416651b20 Mon Sep 17 00:00:00 2001
From: Evgeniy Khramtsov <ekhramtsov@process-one.net>
Date: Thu, 7 Dec 2017 00:29:19 +0300
Subject: [PATCH] Avoid infinite loop between self-signed certs

---
 src/ejabberd_pkix.erl | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/ejabberd_pkix.erl b/src/ejabberd_pkix.erl
index ef25386cd..a67df1288 100644
--- a/src/ejabberd_pkix.erl
+++ b/src/ejabberd_pkix.erl
@@ -689,11 +689,16 @@ get_cert_paths(Certs) ->
       end, Certs),
     lists:foreach(
       fun({Cert1, Cert2}) when Cert1 /= Cert2 ->
-	      case public_key:pkix_is_issuer(Cert1, Cert2) of
+	      case public_key:pkix_is_self_signed(Cert1) of
 		  true ->
-		      digraph:add_edge(G, Cert1, Cert2);
+		      ok;
 		  false ->
-		      ok
+		      case public_key:pkix_is_issuer(Cert1, Cert2) of
+			  true ->
+			      digraph:add_edge(G, Cert1, Cert2);
+			  false ->
+			      ok
+		      end
 	      end;
 	 (_) ->
 	      ok