From 2936a42bc7ee905e1431668f3ae6a227934c8f97 Mon Sep 17 00:00:00 2001
From: Dirk <dirk@testssl.sh>
Date: Tue, 9 May 2017 21:58:03 +0200
Subject: [PATCH] address #626

---
 testssl.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index 4c72713..d98c585 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -5907,7 +5907,13 @@ certificate_info() {
      fi
 
      out "$indent"; pr_bold " Chain of trust"; out "               "
-     determine_trust "$json_prefix" # Also handles fileout
+     if [[ "$issuer_O" =~ StartCom ]] || [[ "$issuer_O" =~ WoSign ]] || [[ "$issuer_CN" =~ StartCom ]] || [[ "$issuer_CN" =~ WoSign ]]; then
+          # Shortcut for this special case here.
+          pr_italic "WoSign/StartCom"; out " are " ; prln_svrty_critical "not trusted anymore (NOT ok)"
+          fileout "${json_prefix}issuer" "CRITICAL" "Issuer: not trusted anymore (WoSign/StartCom)"
+     else
+          determine_trust "$json_prefix" # Also handles fileout
+     fi
 
      # http://events.ccc.de/congress/2010/Fahrplan/attachments/1777_is-the-SSLiverse-a-safe-place.pdf, see page 40pp
      out "$indent"; pr_bold " EV cert"; out " (experimental)       "