X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..07691282a056c4efea71e1e505527601e8cc166b:/OSX/libsecurity_apple_x509_tp/lib/TPCertInfo.cpp?ds=sidebyside

diff --git a/OSX/libsecurity_apple_x509_tp/lib/TPCertInfo.cpp b/OSX/libsecurity_apple_x509_tp/lib/TPCertInfo.cpp
index 4781af8c..62b6f7b8 100644
--- a/OSX/libsecurity_apple_x509_tp/lib/TPCertInfo.cpp
+++ b/OSX/libsecurity_apple_x509_tp/lib/TPCertInfo.cpp
@@ -40,8 +40,8 @@
 #include <Security/SecImportExport.h>
 #include <Security/SecTrustSettingsPriv.h>
 
-#define tpTimeDbg(args...)		secdebug("tpTime", ## args)
-#define tpCertInfoDbg(args...)	secdebug("tpCert", ## args)
+#define tpTimeDbg(args...)		secinfo("tpTime", ## args)
+#define tpCertInfoDbg(args...)	secinfo("tpCert", ## args)
 
 static const TPClItemCalls tpCertClCalls =
 {
@@ -2034,8 +2034,9 @@ post_trust_setting:
 				 * from the net; we prevent that from happening when the certs
 				 * are in inCertGroup or gatheredCerts by keeping track of those
 				 * certs' mUsed state.
+				 * Also handle Radar 23734683, endless loop of untrusted roots.
 				 */
-				if(isInGroup(*issuerCert)) {
+				if(isInGroup(*issuerCert) || gatheredCerts->isInGroup(*issuerCert)) {
 					tpDebug("buildCertGroup: Multiple instances of cert");
 					delete issuerCert;
 					issuerCert = NULL;