X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fcredential.py;fp=sfa%2Ftrust%2Fcredential.py;h=ecdd3bdc7761c43537adc4e37ccafd58d68e5fac;hb=0a9902d2a55a0a9ac03601345c4284293669012b;hp=54fe3fc1486aaaf2391a19287847b2b490d84bf8;hpb=04a3f20dc71bf8b3f96b1e3172623aa346a638a7;p=sfa.git
diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py
index 54fe3fc1..ecdd3bdc 100644
--- a/sfa/trust/credential.py
+++ b/sfa/trust/credential.py
@@ -882,11 +882,16 @@ class Credential(object):
 # If caller explicitly passed in None that means skip cert chain validation.
 # - Strange and not typical
 if trusted_certs is not None:
- # Verify the gids of this cred and of its parents
+ # Verify the caller and object gids of this cred and of its parents
 for cur_cred in self.get_credential_list():
- cur_cred.get_gid_object().verify_chain(trusted_cert_objects)
- cur_cred.get_gid_caller().verify_chain(trusted_cert_objects)
-
+ # check both the caller and the subject
+ for gid in cur_cred.get_gid_object(), cur_cred.get_gid_caller():
+ logger.debug("Credential.verify: verifying chain {}"
+ .format(gid.pretty_cert()))
+ logger.debug("Credential.verify: against trusted {}"
+ .format(" ".join(trusted_certs)))
+ gid.verify_chain(trusted_cert_objects)
+
 refs = []
 refs.append("Sig_{}".format(self.get_refid()))
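Review bot: The two `logger.debug` calls in the new `for gid in ...` loop build their messages eagerly and before `gid.verify_chain(trusted_cert_objects)`, so `" ".join(trusted_certs)` runs twice per credential in the chain even when debug output is off. It would also raise `TypeError` if `trusted_certs` ever held anything other than strings, turning a diagnostic line into a failed verification. The trusted list does not change inside the loop, so I would log it once before `for cur_cred in ...` and defer the formatting, e.g. `logger.debug("Credential.verify: against trusted %s", trusted_certs)` and `logger.debug("Credential.verify: verifying chain %s", gid.pretty_cert())`, assuming `logger` accepts standard `logging` %-style arguments. The new inline comment says "the caller and the subject" while the comment above it says "caller and object gids"; using one term would avoid confusion about which GID is which. The enclosing method starts and ends outside this hunk, so the type of `trusted_certs` is inferred only from the join call.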