From 2fc4b5f8d5400f6ebd284a0e6fbaad23a345b585 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?= <felix@dogcraft.de>
Date: Sat, 23 Jan 2016 18:29:57 +0100
Subject: [PATCH] fix: better choose CAcert if multiple are available

---
 src/crypto/sslUtil.h | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/crypto/sslUtil.h b/src/crypto/sslUtil.h
index 4a451b3..87e908c 100644
--- a/src/crypto/sslUtil.h
+++ b/src/crypto/sslUtil.h
@@ -34,13 +34,20 @@ struct Profile {
     std::vector<std::shared_ptr<CAConfig>> ca;
     std::time_t maxValidity;
     std::shared_ptr<CAConfig> getCA() {
+        std::shared_ptr<CAConfig> min = nullptr;
         for( auto it = ca.rbegin(); it != ca.rend(); it++ ) {
-            if( X509_cmp_current_time( ( *it )->notBefore.get() ) < 0 ) {
-                return *it;
+            if( X509_cmp_current_time( ( *it )->notBefore.get() ) < 0) {
+                if(min != nullptr){
+                    if(strcmp(min->name.c_str(), (*it)->name.c_str()) < 0){
+                        min = *it;
+                    }
+                }else{
+                    min=*it;
+                }
             }
         }
 
-        return ca[0];
+        return min == nullptr ? ca[0] : min;
     }
 };
 
-- 
2.39.2