To explain a bit further what the code does: It inserts the issuer into an otherwise empty truststore. Then it tries to check the certificate with that. Now there are three cases:
1. If the direct signature issuer -> subject is broken, verify will fail at depth 0 and the function will throw an exception.
2. If the direct signature issuer -> subject is correct and issuer is a self-signed certificate, verify will succeed, the function returns None.
3. If the direct signature issuer -> subject is correct and the issuer is an intermediate CA, verify will fail at depth 1 (!), the function returns None (!).
Hope that clears it up,
Johannes
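
The three cases can be reproduced with the `openssl` command line; this is an added example, not code from this thread, and it assumes the function under discussion wraps OpenSSL's chain verification. The certificate names and helper functions are made up. The last two checks go beyond the message: `-partial_chain` treats the intermediate as a trust anchor, so case 3 passes without inspecting the failure depth while a bad signature is still rejected.

```shell
#!/bin/sh
# Constructed throwaway PKI (all names made up): root -> inter -> leaf, plus
# "fake", a self-signed CA that reuses inter's name with a different key,
# and "bad", a certificate signed by fake.
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"

mkcsr() {     # mkcsr NAME CN: new key and certificate request
    openssl req -newkey rsa:2048 -nodes -keyout "$d/$1.key" \
        -subj "/CN=$2" -out "$d/$1.csr" 2>/dev/null
}
selfsign() {  # selfsign NAME: self-signed CA certificate
    openssl x509 -req -in "$d/$1.csr" -signkey "$d/$1.key" \
        -extfile "$d/ca.ext" -days 1 -out "$d/$1.pem" 2>/dev/null
}
issue() {     # issue NAME ISSUER [EXTFILE]: certificate signed by ISSUER
    openssl x509 -req -in "$d/$1.csr" -CA "$d/$2.pem" -CAkey "$d/$2.key" \
        -CAcreateserial ${3:+-extfile "$3"} -days 1 -out "$d/$1.pem" 2>/dev/null
}

mkcsr root  "Example Root";         selfsign root
mkcsr inter "Example Intermediate"; issue inter root "$d/ca.ext"
mkcsr fake  "Example Intermediate"; selfsign fake
mkcsr leaf  "Example Leaf";         issue leaf inter
mkcsr bad   "Example Leaf";         issue bad fake

# verify_depth STORE CERT [FLAG]: trust only STORE, verify CERT, and print
# "ok" or the depth at which OpenSSL reports its first error.
verify_depth() {
    depth=$(openssl verify $3 -CAfile "$d/$1.pem" "$d/$2.pem" 2>&1 |
        sed -n 's/.*error [0-9]* at \([0-9]*\) depth lookup.*/\1/p' | head -n 1)
    echo "${depth:-ok}"
}

# Case 1: the issuer name matches, but the key in the store did not sign leaf.
echo "case 1 (wrong key in store):       $(verify_depth fake leaf)"    # 0
# Case 2: the issuer is self-signed and did sign the subject.
echo "case 2 (self-signed issuer):       $(verify_depth root inter)"   # ok
# Case 3: the issuer is an intermediate; its own issuer is not in the store.
echo "case 3 (intermediate issuer):      $(verify_depth inter leaf)"   # 1
# With -partial_chain the intermediate itself is the trust anchor.
echo "case 3 with -partial_chain:        $(verify_depth inter leaf -partial_chain)"  # ok
echo "bad signature with -partial_chain: $(verify_depth inter bad -partial_chain)"   # 0
```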