diff --git a/src/security/certstore.cpp b/src/security/certstore.cpp index 9985bc72393fe77235abd81d3bd9fee50181e330..52ea5690f871d270c5d0f4797a460bb4726e1e69 100644 --- a/src/security/certstore.cpp +++ b/src/security/certstore.cpp @@ -511,7 +511,8 @@ TrustStore::isAllowed(const crypto::Certificate& crt, bool allowPublic) // Match by certificate chain updateKnownCerts(); auto ret = allowed_.verify(crt); - if (not ret) { + // Unknown issuer (only that) are accepted if allowPublic is true + if (not ret and !(allowPublic and ret.result == (GNUTLS_CERT_INVALID|GNUTLS_CERT_SIGNER_NOT_FOUND))) { RING_WARN("%s", ret.toString().c_str()); return false; }