I think that is a long standing openssl bug that it demands full chains, and more so it trips up not only when the chain is incomplete, but also where there are extra chains, which are redundant; and if any of them have untrusted certs, or certs of small sizes / old hashes (aka legacy chains) it also refuses to establish connections.
I think that is a long standing openssl bug that it demands full chains, and more so it trips up not only when the chain is incomplete, but also where there are extra chains, which are redundant; and if any of them have untrusted certs, or certs of small sizes / old hashes (aka legacy chains) it also refuses to establish connections.