From 9be2b2f54c69b88beb6356ff14e2933f3c50b61a Mon Sep 17 00:00:00 2001 From: "Kyle J. McKay" Date: Tue, 30 May 2017 00:09:42 -0700 Subject: [PATCH] CACreateCert: correct wording about self-signed combo certs It's still mumbo jumbo, but at least it's not a sentence fragment anymore. Signed-off-by: Kyle J. McKay --- CACreateCert | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CACreateCert b/CACreateCert index 7ce55e0..d2dde8d 100755 --- a/CACreateCert +++ b/CACreateCert @@ -592,8 +592,10 @@ BUGS the --root option with one of the others (e.g. --client, --email, --codesign, --server) is poorly documented. Furthermore, since the standard (see RFC 5280) effectively requires at least two certificates - in a valid certificate chain since a chain must have a non-root leaf - to be valid. + in any certificate chain (because a chain must have a non-root leaf + certificate), such self-signed combination root certificates, when used + by themselves, are technically unable to create a valid certificate + chain. DSA is not supported even though it is possible to create a valid certificate that uses dsaWithSHA1. But since SHA-1 should not be used -- 2.11.4.GIT
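Review bot: In the added lines of the BUGS hunk, "are technically unable to create a valid certificate chain" reads as if the certificate were issuing something; "cannot form a valid certificate chain" says what is meant. The sentence also still opens with "Furthermore, since the standard (see RFC 5280) effectively requires ..." and runs through a parenthetical before reaching its subject, so consider splitting it in two: one sentence stating the two-certificate requirement, one stating the consequence for a certificate made with --root plus --client, --email, --codesign or --server. The bare "(see RFC 5280)" reference would be easier to check with a section number. Because the entry sits under BUGS and the preceding context admits the combination is poorly documented, a closing clause saying what to do instead (for example, issue a separate leaf certificate from the root) would make it actionable rather than only descriptive.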