What is the best way with libgnutls do see whether a certificate is self-signed? I'm guessing you have to compare issuer with subject, but is there a preferred way to do that? From RFC5280 it seems to me that this comparison is not trivial to do, but maybe for self-signed they really always match byte for byte? -David