fix: better choose CAcert if multiple are available

diff --git a/src/crypto/sslUtil.h b/src/crypto/sslUtil.h
index 4a451b3a1903aae6d251c1579f5e71efbe89c79a..87e908c1cbb3ea64022908d62078ab43ca54a1f5 100644 (file)
--- a/src/crypto/sslUtil.h
+++ b/src/crypto/sslUtil.h
@@ -34,13 +34,20 @@ struct Profile {
     std::vector<std::shared_ptr<CAConfig>> ca;
     std::time_t maxValidity;
     std::shared_ptr<CAConfig> getCA() {
+        std::shared_ptr<CAConfig> min = nullptr;
         for( auto it = ca.rbegin(); it != ca.rend(); it++ ) {
-            if( X509_cmp_current_time( ( *it )->notBefore.get() ) < 0 ) {
-                return *it;
+            if( X509_cmp_current_time( ( *it )->notBefore.get() ) < 0) {
+                if(min != nullptr){
+                    if(strcmp(min->name.c_str(), (*it)->name.c_str()) < 0){
+                        min = *it;
+                    }
+                }else{
+                    min=*it;
+                }
             }
         }
 
-        return ca[0];
+        return min == nullptr ? ca[0] : min;
     }
 };