Take the leaf of a certificate chain if one is provided

for a screen certificate (#937).

2 files changed, 7 insertions, 3 deletions

diff --git a/src/wx/config_dialog.cc b/src/wx/config_dialog.cc
index ac5d90296..0369070a7 100644
--- a/src/wx/config_dialog.cc
+++ b/src/wx/config_dialog.cc
@@ -773,8 +773,9 @@ private:
 
 		if (d->ShowModal() == wxID_OK) {
 			try {
-				dcp::Certificate c (dcp::file_to_string (wx_to_std (d->GetPath ())));
-				if (c.extra_data ()) {
+				dcp::Certificate c;
+				string const extra = c.read_string (dcp::file_to_string (wx_to_std (d->GetPath ())));
+				if (!extra.empty ()) {
 					message_dialog (
 						this,
 						_("This file contains other certificates (or other data) after its first certificate. "
diff --git a/src/wx/screen_dialog.cc b/src/wx/screen_dialog.cc
index e01b98962..0ecf223e6 100644
--- a/src/wx/screen_dialog.cc
+++ b/src/wx/screen_dialog.cc
@@ -25,6 +25,7 @@
 #include "lib/compose.hpp"
 #include "lib/util.h"
 #include <dcp/exceptions.h>
+#include <dcp/certificate_chain.h>
 #include <wx/filepicker.h>
 #include <wx/validate.h>
 #include <iostream>
@@ -151,7 +152,9 @@ void
 ScreenDialog::load_recipient (boost::filesystem::path file)
 {
 	try {
-		set_recipient (dcp::Certificate (dcp::file_to_string (file)));
+		/* Load this as a chain, in case it is one, and then pick the leaf certificate */
+		dcp::CertificateChain c (dcp::file_to_string (file));
+		set_recipient (c.leaf ());
 	} catch (dcp::MiscError& e) {
 		error_dialog (this, wxString::Format (_("Could not read certificate file (%s)"), std_to_wx(e.what()).data()));
 	}