diff -up gnutls-2.9.10/lib/x509/verify.c.sitetrusted gnutls-2.9.10/lib/x509/verify.c
--- gnutls-2.9.10/lib/x509/verify.c.sitetrusted 2010-02-17 14:08:56.000000000 +0100
+++ gnutls-2.9.10/lib/x509/verify.c 2010-03-02 21:32:36.000000000 +0100
@@ -440,10 +440,10 @@ _gnutls_x509_verify_certificate (const g
 * one of the certs we trust and all the certs after that i.e. if
 * cert chain is A signed-by B signed-by C signed-by D (signed-by
 * self-signed E but already removed above), and we trust B, remove
- * B, C and D. We must leave the first cert on chain. */
- if (clist_size > 1 && !(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
+ * B, C and D. */
+ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
 {
- for (i = 1; i < clist_size; i++)
+ for (i = 0; i < clist_size; i++)
 {
 int j;
@@ -460,6 +460,10 @@ _gnutls_x509_verify_certificate (const g
 }
 }
+ if (clist_size == 0)
+ /* We trust already the site certificate, nothing to verify. */
+ return 0;
+
 /* Verify the last certificate in the certificate path
 * against the trusted CA certificate list.
 *
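Review bot: With the loop now starting at `i = 0`, the certificate comparison inside the inner `for` is the only check the end-entity certificate receives when it matches a trusted entry, so its strictness becomes security-critical; the loop body lies outside this hunk and cannot be confirmed here. That comparison should match the complete encoded certificate byte for byte, not just the subject name or a key identifier, because a weaker match would let an unverified leaf skip signature checking entirely. The shortened comment also drops the invariant it used to state without replacing it; I would add `/* clist_size may drop to 0 here: the site certificate itself is in the trusted list. */` above the `if`.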
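Review bot: The early `return 0` taken when `clist_size == 0` skips everything that follows in `_gnutls_x509_verify_certificate`, and the remainder of the function is outside this hunk. If the code below performs validity-period or revocation checks, a directly trusted site certificate that has expired or been revoked would still be reported as valid, so either run those checks on the first certificate before returning or document that a directly trusted certificate is exempt from them. The comment placed between the unbraced `if` and its statement is also fragile under later edits; `if (clist_size == 0) { /* site certificate is itself trusted */ return 0; }` is safer.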