From 614502a63c0950fe430766fe4abd741a3cfc1873 Mon Sep 17 00:00:00 2001
From: Aaron Jones <aaronmdjones@gmail.com>
Date: Tue, 24 Mar 2015 05:25:38 +0000
Subject: [PATCH] Generate fingerprints for chained certificates with an
 unknown root

---
 libratbox/src/openssl.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/libratbox/src/openssl.c b/libratbox/src/openssl.c
index 4544ad6bd..8044be1d7 100644
--- a/libratbox/src/openssl.c
+++ b/libratbox/src/openssl.c
@@ -662,10 +662,12 @@ rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN])
 	if(cert != NULL)
 	{
 		res = SSL_get_verify_result((SSL *) F->ssl);
-		if(res == X509_V_OK ||
-				res == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
-				res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
-				res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+		if(
+			res == X509_V_OK ||
+			res == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
+			res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
+			res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
+			res == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
 		{
 			unsigned int certfp_length = RB_SSL_CERTFP_LEN;
 			X509_digest(cert, EVP_sha1(), certfp, &certfp_length);