From 5cce5722c522d9820765698154b814640c374b5f Mon Sep 17 00:00:00 2001
From: Ruben van Staveren <ruben@verweg.com>
Date: Wed, 27 Jul 2022 12:45:10 +0200
Subject: [PATCH] Also find a possible parent, and add it to the end of the
 list

---
 sort_certificate.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sort_certificate.py b/sort_certificate.py
index 98c32dd..582bec7 100755
--- a/sort_certificate.py
+++ b/sort_certificate.py
@@ -252,9 +252,14 @@ def order_x509(x509_objects, root_issuers):
     while x509_objects:
         sibling = [x for x in x509_objects
                    if x.get_issuer() == bundle[0].get_subject()]
+        parent = [x for x in x509_objects
+                  if x.get_subject() == bundle[-1].get_issuer()]
         if sibling and len(sibling) == 1:
             # insert sibling at beginning of list
             bundle.insert(0, x509_objects.pop(x509_objects.index(sibling[0])))
+        elif parent and len(parent) == 1:
+            # Try to place a (cross signed) intermediate at the end if it matches
+            bundle.append(x509_objects.pop(x509_objects.index(parent[0])))
         else:
             # Lets complain
             logging.error('Certificates remaining data\n\t%s',