diff --git a/src/common/pki/certify.rs b/src/common/pki/certify.rs
index f6ce4242..34e21195 100644
--- a/src/common/pki/certify.rs
+++ b/src/common/pki/certify.rs
@@ -10,7 +10,6 @@ use chrono::Utc;
 use sequoia_openpgp as openpgp;
 use openpgp::Cert;
 use openpgp::Result;
-use openpgp::cert::amalgamation::ValidAmalgamation;
 use openpgp::packet::prelude::*;
 use openpgp::packet::signature::subpacket::NotationData;
 use openpgp::packet::signature::subpacket::NotationDataFlags;
@@ -201,8 +200,6 @@ The certifier is the same as the certificate to certify."));
                                  if the trust depth is greater than 0"));
     }
 
-    let vc = cert.with_policy(sq.policy, sq.time)?;
-
     // Get the signer to certify with.
     let mut signer = sq.get_certification_key(certifier, None)?;
 
@@ -299,7 +296,7 @@ The certifier is the same as the certificate to certify."));
         .map(|(userid, active_certification)| {
             let userid_str = || String::from_utf8_lossy(userid.value());
 
-            if let Some(ua) = vc.userids().find(|ua| ua.userid() == &userid) {
+            if let Some(ua) = cert.userids().find(|ua| ua.userid() == &userid) {
                 if retract {
                     // Check if we certified it.
                     if ! ua.certifications().any(|c| {
@@ -313,7 +310,9 @@ The certifier is the same as the certificate to certify."));
                         return Ok(vec![ Packet::from(userid.clone()) ]);
                     }
                 } else {
-                    if let RevocationStatus::Revoked(_) = ua.revocation_status() {
+                    if let RevocationStatus::Revoked(_)
+                        = ua.revocation_status(sq.policy, sq.time)
+                    {
                         // It's revoked.
                         if user_supplied_userids {
                             // It was explicitly mentioned.  Return an
diff --git a/tests/integration/sq_pki_link.rs b/tests/integration/sq_pki_link.rs
index 58405863..3d04eb15 100644
--- a/tests/integration/sq_pki_link.rs
+++ b/tests/integration/sq_pki_link.rs
@@ -651,3 +651,38 @@ fn sq_pki_link_add_temporary() -> Result<()> {
 
     Ok(())
 }
+
+#[test]
+fn retract_non_self_signed() {
+    // Make sure we can retract non-self signed user IDs.
+    let mut sq = Sq::new();
+
+    let alice_userid = "Alice <alice@example.org>";
+    let (alice, alice_pgp, _) = sq.key_generate(&[], &[alice_userid]);
+    sq.key_import(&alice_pgp);
+
+    let petname = "Mon chouchou";
+
+    let msg = artifact("messages/a-cypherpunks-manifesto.txt");
+    let sig_msg = sq.scratch_file(None);
+    let sig_msg = sig_msg.as_path();
+    let sig_msg_str = sig_msg.display().to_string();
+    sq.sign(alice.key_handle(), None, &msg, sig_msg);
+
+    // Verifying should fail: alice's certificate is not linked at all.
+    sq_verify(&sq, None, &[], &[], &sig_msg_str, 0, 1);
+
+    // Link a non-self-signed user ID.
+    sq.tick(1);
+    sq.pki_link_add(&["--add-userid"], alice.key_handle(), petname);
+
+    // Now it should work.
+    sq_verify(&sq, None, &[], &[], &sig_msg_str, 1, 0);
+
+    // Retract the link.
+    sq.tick(1);
+    sq_retract(&sq, &alice.fingerprint().to_string(), &[petname], &[]);
+
+    // Now it should fail.
+    sq_verify(&sq, None, &[], &[], &sig_msg_str, 0, 1);
+}