Diffstat (limited to 'src/lib/cert/x509')
-rw-r--r-- | src/lib/cert/x509/key_constraint.cpp | 3 | ||||
-rw-r--r-- | src/lib/cert/x509/x509cert.cpp | 30 | ||||
-rw-r--r-- | src/lib/cert/x509/x509cert.h | 4 | ||||
-rw-r--r-- | src/lib/cert/x509/x509path.cpp | 3 |
4 files changed, 8 insertions, 32 deletions
diff --git a/src/lib/cert/x509/key_constraint.cpp b/src/lib/cert/x509/key_constraint.cpp
index a90af013c..30d1cb3b8 100644
--- a/src/lib/cert/x509/key_constraint.cpp
+++ b/src/lib/cert/x509/key_constraint.cpp
@@ -31,8 +31,7 @@ void verify_cert_constraints_valid_for_key_type(const Public_Key& pub_key,
 permitted |= KEY_ENCIPHERMENT | DATA_ENCIPHERMENT;
 }
- if(name == "RSA" || name == "RW" || name == "NR" ||
- name == "DSA" || name == "ECDSA" || name == "ECGDSA" || name == "ECKCDSA")
+ if(name == "RSA" || name == "DSA" || name == "ECDSA" || name == "ECGDSA" || name == "ECKCDSA")
 {
 permitted |= DIGITAL_SIGNATURE | NON_REPUDIATION | KEY_CERT_SIGN | CRL_SIGN;
 }
diff --git a/src/lib/cert/x509/x509cert.cpp b/src/lib/cert/x509/x509cert.cpp
index ffedf43f0..5765214ae 100644
--- a/src/lib/cert/x509/x509cert.cpp
+++ b/src/lib/cert/x509/x509cert.cpp
@@ -72,32 +72,6 @@ X509_Certificate::X509_Certificate(const std::vector<byte>& in) :
 do_decode();
 }
-X509_Certificate::X509_Certificate(const X509_Certificate& other) :
- X509_Object(other)
- {
- m_subject = other.m_subject;
- m_issuer = other.m_issuer;
- m_self_signed = other.m_self_signed;
- m_v3_extensions = other.m_v3_extensions;
- }
-
-X509_Certificate& X509_Certificate::operator=(const X509_Certificate& other)
- {
- if(&other == this)
- {
- return *this;
- }
- else
- {
- m_subject = other.m_subject;
- m_issuer = other.m_issuer;
- m_self_signed = other.m_self_signed;
- m_v3_extensions = other.m_v3_extensions;
- }
- return *this;
- }
-
-
 /* * Decode the TBSCertificate data */
@@ -128,7 +102,6 @@ void X509_Certificate::force_decode()
 if(m_sig_algo != sig_algo_inner) throw Decoding_Error("Algorithm identifier mismatch");
- m_self_signed = (dn_subject == dn_issuer);
 m_subject.add(dn_subject.contents());
 m_issuer.add(dn_issuer.contents());
@@ -171,6 +144,9 @@ void X509_Certificate::force_decode()
 m_subject.add("X509.Certificate.public_key", hex_encode(public_key.value));
+ std::unique_ptr<Public_Key> pub_key(subject_public_key());
+ m_self_signed = (dn_subject == dn_issuer) && check_signature(*pub_key);
+
 if(m_self_signed && version == 0)
 {
 m_subject.add("X509v3.BasicConstraints.is_ca", 1);
diff --git a/src/lib/cert/x509/x509cert.h b/src/lib/cert/x509/x509cert.h
index eb98f9c3d..d64d8fd2b 100644
--- a/src/lib/cert/x509/x509cert.h
+++ b/src/lib/cert/x509/x509cert.h
@@ -274,9 +274,9 @@ class BOTAN_DLL X509_Certificate : public X509_Object
 explicit X509_Certificate(const std::vector<byte>& in);
- X509_Certificate(const X509_Certificate& other);
+ X509_Certificate(const X509_Certificate& other) = default;
- X509_Certificate& operator=(const X509_Certificate& other);
+ X509_Certificate& operator=(const X509_Certificate& other) = default;
 private:
 void force_decode() override;
diff --git a/src/lib/cert/x509/x509path.cpp b/src/lib/cert/x509/x509path.cpp
index 436e27d39..c08b11d42 100644
--- a/src/lib/cert/x509/x509path.cpp
+++ b/src/lib/cert/x509/x509path.cpp
@@ -28,7 +28,8 @@ find_issuing_cert(const X509_Certificate& cert,
 const X509_DN issuer_dn = cert.issuer_dn();
 const std::vector<byte> auth_key_id = cert.authority_key_id();
- if(const X509_Certificate* c = end_certs.find_cert(issuer_dn, auth_key_id))
+ const X509_Certificate* c = end_certs.find_cert(issuer_dn, auth_key_id);
+ if(c && *c != cert)
 return c;
 for(size_t i = 0; i != certstores.size(); ++i) |
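Review bot: The added `subject_public_key()` call in force_decode() runs for every certificate, before the DN comparison, so a certificate whose public key cannot be loaded would fail at decode time even when it is not self-issued (assuming `subject_public_key()` throws or returns null for an unsupported or malformed key; its body is not in this hunk). Comparing the names first and verifying only on a match avoids that and skips a signature check on ordinary certificates: `m_self_signed = false;` followed by `if(dn_subject == dn_issuer) { std::unique_ptr<Public_Key> pub_key(subject_public_key()); m_self_signed = check_signature(*pub_key); }`. A comment such as `// self-signed = self-issued AND the signature verifies under the certificate's own key` would also help, since the flag no longer follows from the DNs alone. force_decode() starts and ends outside the hunk.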
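Review bot: The new `*c != cert` test in find_issuing_cert has no comment, so a reader cannot tell why a hit in `end_certs` is discarded when it is the certificate being validated. A line such as `// a certificate taken from end_certs must not be chosen as its own issuer` above the `if` would record the intent. The `certstores` loop that begins on the last context line continues outside the hunk, so whether it needs or already has an equivalent rule cannot be judged from here.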