From 5976e801d8d7056418bb82aadde628eed375abda Mon Sep 17 00:00:00 2001
From: aeris
Date: Wed, 1 Feb 2017 01:10:54 +0100
Subject: [PATCH] On SSLv2, peer chain is nil and not []

---
 lib/cryptcheck/tls/cert.rb       | 2 +-
 spec/cryptcheck/tls/cert_spec.rb | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/cryptcheck/tls/cert.rb b/lib/cryptcheck/tls/cert.rb
index 236ef01..52b8092 100644
--- a/lib/cryptcheck/tls/cert.rb
+++ b/lib/cryptcheck/tls/cert.rb
@@ -72,7 +72,7 @@ module CryptCheck
 						# Never add other self signed certificates than system CA !
 						next if cert.subject == cert.issuer
 						store.add_cert cert rescue nil
-					end
+					end if chain
 
 					trusted = store.verify cert
 					return :trusted if trusted
diff --git a/spec/cryptcheck/tls/cert_spec.rb b/spec/cryptcheck/tls/cert_spec.rb
index ab95e6d..2916250 100644
--- a/spec/cryptcheck/tls/cert_spec.rb
+++ b/spec/cryptcheck/tls/cert_spec.rb
@@ -18,6 +18,11 @@ describe CryptCheck::Tls::Cert do
 		cert, ca = load_chain %w(self-signed ca)
 		trust = ::CryptCheck::Tls::Cert.trusted? cert, [], roots: ca
 		expect(trust).to eq 'self signed certificate'
+
+		# Case for SSLv2
+		cert, ca = load_chain %w(self-signed ca)
+		trust = ::CryptCheck::Tls::Cert.trusted? cert, nil, roots: ca
+		expect(trust).to eq 'self signed certificate'
 	end
 
 	it 'must reject unknown CA' do
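Review bot: The nil guard is attached as a modifier to the block's closing `end if chain`, so a reader of the loop head (which starts above this hunk) has no way to see that the whole loop is conditional until its last line, and the reason for the condition is not recorded anywhere. Moving the guard to the loop head states the same thing where it is read and makes the SSLv2 special case explicit: `# SSLv2 peers hand back no chain (nil), only the leaf` followed by `(chain || []).each do |cert|`, with a plain `end` closing the block. The behaviour is identical, since an empty chain adds nothing to the store and falls through to `store.verify cert` exactly as the guarded form does. The enclosing method and the loop's `each` line are outside the hunk.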
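Review bot: The nil-chain assertion is appended to the existing `[]` example, so when it fails RSpec reports it under the same description as the empty-array case and the two regressions cannot be told apart from the output. It also repeats `cert, ca = load_chain %w(self-signed ca)` although those locals have not changed since the first assignment. Give it its own example, `it 'must accept a nil chain (SSLv2)' do`, with the single `load_chain` call and the `trusted? cert, nil, roots: ca` assertion inside, and drop the duplicated assignment. The enclosing `it` block starts above this hunk.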