From: Roberto Campesato <render@metalabs.org>
diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c
--- a/crypto/tlscredsx509.c
+++ b/crypto/tlscredsx509.c
@@ -502,14 +502,6 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds,
         goto cleanup;
     }

-    for (i = 0; i < ncacerts; i++) {
-        if (qcrypto_tls_creds_check_cert(creds,
-                                         cacerts[i], cacertFile,
-                                         isServer, true, errp) < 0) {
-            goto cleanup;
-        }
-    }
-
     if (cert && ncacerts &&
         qcrypto_tls_creds_check_cert_pair(cert, certFile, cacerts,
                                           ncacerts, cacertFile,
diff --git a/tests/unit/test-crypto-tlscredsx509.c b/tests/unit/test-crypto-tlscredsx509.c
--- a/tests/unit/test-crypto-tlscredsx509.c
+++ b/tests/unit/test-crypto-tlscredsx509.c
@@ -285,7 +285,7 @@ int main(int argc, char **argv)
     TLS_TEST_REG(badca1, true, cacert4req.filename, servercert4req.filename,
                  true);
     TLS_TEST_REG(badca2, true,
-                 cacert5req.filename, servercert5req.filename, true);
+                 cacert5req.filename, servercert5req.filename, false);
     TLS_TEST_REG(badca3, true,
                  cacert6req.filename, servercert6req.filename, true);