From 51c420abb4babb7ded7bd05f242d6424460a360e Mon Sep 17 00:00:00 2001
From: Sylvain Bellemare
Date: Sun, 19 Oct 2025 17:27:17 +0900
Subject: [PATCH 1/2] Compare subject and issuer as strings

Otherwise the logic of the example will not verify the signature for self-signed certificates, even though the subject and issuer are identical, but differ in their raw ASN encoding form.
Fixes: #226
Related issue: #20
---
 examples/print-cert.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/print-cert.rs b/examples/print-cert.rs
index b7fd7b8..755ee97 100644
--- a/examples/print-cert.rs
+++ b/examples/print-cert.rs
@@ -218,7 +218,7 @@ fn print_x509_info(x509: &X509Certificate) -> io::Result<()> {
 #[cfg(any(feature = "verify", feature = "verify-aws"))]
 {
 print!("Signature verification: ");
- if x509.subject() == x509.issuer() {
+ if x509.subject().to_string() == x509.issuer().to_string() {
 if x509.verify_signature(None).is_ok() {
 println!("OK");
 println!(" [I] certificate is self-signed");
From ff9ce66498bc0afc664ea5773eff97461c1b1a13 Mon Sep 17 00:00:00 2001
From: Sylvain Bellemare
Date: Tue, 21 Oct 2025 13:00:42 +0900
Subject: [PATCH 2/2] Show error if signature verificaton failed

---
 examples/print-cert.rs | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/examples/print-cert.rs b/examples/print-cert.rs
index 755ee97..ba2366a 100644
--- a/examples/print-cert.rs
+++ b/examples/print-cert.rs
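Review bot: The new condition in patch 1/2, `x509.subject().to_string() == x509.issuer().to_string()`, decides self-issuance from the display rendering of the two names, which is a heuristic and not RFC 5280 name matching. Two names that differ in attribute string type, or that the formatter cannot render, may well produce the same text. The impact is bounded because `verify_signature(None)` still runs, but the printed `[I] certificate is self-signed` label is then only as accurate as the rendering. I would add a comment above the condition: `// Heuristic: compares rendered names, not RFC 5280 name matching; it only selects whether to try self-signature verification.` The body of print_x509_info starts and ends outside the hunk.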
@@ -219,12 +219,18 @@ fn print_x509_info(x509: &X509Certificate) -> io::Result<()> {
 {
 print!("Signature verification: ");
 if x509.subject().to_string() == x509.issuer().to_string() {
- if x509.verify_signature(None).is_ok() {
- println!("OK");
- println!(" [I] certificate is self-signed");
- } else if x509.subject() == x509.issuer() {
- println!("FAIL");
- println!(" [W] certificate looks self-signed, but signature verification failed");
+ match x509.verify_signature(None) {
+ Ok(_) => {
+ println!("OK");
+ println!(" [I] certificate is self-signed");
+ }
+ Err(e) => {
+ println!("FAIL");
+ println!(" [E] {:?}", e);
+ println!(
+ " [W] certificate looks self-signed, but signature verification failed"
+ );
+ }
 }
 } else {
 // if subject is different from issuer, we cannot verify certificate without the public key of the issuer
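Review bot: In the `Ok(_)` arm, `println!("OK");` reports the result of a self-signature check, which shows only that the certificate was signed with its own key and says nothing about whether it is trusted. Someone reading "Signature verification: OK" in the tool's output can take it for validation. I would make the info line say so, e.g. `println!(" [I] certificate is self-signed (self-consistent signature, not a trust decision)");`. Separately, `println!(" [E] {:?}", e);` prints the Debug form of the error; if the error type implements Display, `{}` would give a cleaner message. print_x509_info continues outside the hunk.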