From e73a5a89a7afb96469c77e020a538d9ebd3b5584 Mon Sep 17 00:00:00 2001
From: Andrew Ayer <agwa@andrewayer.name>
Date: Fri, 5 Feb 2016 07:57:15 -0800
Subject: [PATCH] Ignore non-fatal errors when parsing root certificates

---
 helpers.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/helpers.go b/helpers.go
index 26fa74d..76a73ca 100644
--- a/helpers.go
+++ b/helpers.go
@@ -88,10 +88,19 @@ func allDNSNames (cert *x509.Certificate) []string {
 	return dnsNames
 }
 
+func isNonFatalError (err error) bool {
+	switch err.(type) {
+	case x509.NonFatalErrors:
+		return true
+	default:
+		return false
+	}
+}
+
 func getRoot (chain []ct.ASN1Cert) *x509.Certificate {
 	if len(chain) > 0 {
 		root, err := x509.ParseCertificate(chain[len(chain)-1])
-		if err == nil {
+		if err == nil || isNonFatalError(err) {
 			return root
 		}
 		log.Printf("Failed to parse root certificate: %s", err)