$OpenBSD$

index 22e3f61..c078eda 100644
--- security/pkix/lib/pkixbuild.cpp.orig	Fri Feb 20 15:40:39 2015
+++ security/pkix/lib/pkixbuild.cpp	Fri Feb 20 15:40:39 2015
@@ -225,6 +225,30 @@ BuildForward(TrustDomain& trustDomain,
   }
 
   if (trustLevel == TrustDomain::TrustAnchor) {
+    ScopedCERTCertList certChain(CERT_NewCertList());
+    if (!certChain) {
+      PR_SetError(SEC_ERROR_NO_MEMORY, 0);
+      return MapSECStatus(SECFailure);
+    }
+
+    rv = subject.PrependNSSCertToList(certChain.get());
+    if (rv != Success) {
+      return rv;
+    }
+    BackCert* child = subject.childCert;
+    while (child) {
+      rv = child->PrependNSSCertToList(certChain.get());
+      if (rv != Success) {
+        return rv;
+      }
+      child = child->childCert;
+    }
+
+    SECStatus srv = trustDomain.IsChainValid(certChain.get());
+    if (srv != SECSuccess) {
+      return MapSECStatus(srv);
+    }
+
     // End of the recursion. Create the result list and add the trust anchor to
     // it.
     results = CERT_NewCertList();