From 742ff09f3b6230c548dd66978904ebdecce8f1f2 Mon Sep 17 00:00:00 2001
From: Russ Cam <russ.cam@elastic.co>
Date: Wed, 17 Jun 2020 15:56:56 +1000
Subject: [PATCH] Remove increment inside loop when validating intermediate CA
 (#4780)

This commit fixes a bug when validating an intermediate CA
to remove the increment inside of the loop, since it
is incremented outside the loop already.

Don't check the certificate thumbprint against
the CA thumbprint if it's already been found.

Fixes #4717
---
 src/Elasticsearch.Net/Connection/CertificateValidations.cs | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/Elasticsearch.Net/Connection/CertificateValidations.cs b/src/Elasticsearch.Net/Connection/CertificateValidations.cs
index ff34e58dc77..61e2333f82a 100644
--- a/src/Elasticsearch.Net/Connection/CertificateValidations.cs
+++ b/src/Elasticsearch.Net/Connection/CertificateValidations.cs
@@ -119,12 +119,10 @@ X509RevocationMode revocationMode
 			{
 				var c = chain.ChainElements[i].Certificate.Thumbprint;
 				var cPrivate = privateChain.ChainElements[i].Certificate.Thumbprint;
-				if (c == ca.Thumbprint) found = true;
+				if (!found && c == ca.Thumbprint) found = true;
 
 				//mis aligned certificate chain, return false so we do not accept this certificate
 				if (c != cPrivate) return false;
-
-				i++;
 			}
 			return found;
 		}