Hi OpenSSL users, Greetings from me! I am using the master branch of OpenSSL and testing client-arg program (in demos/bio) with "google.com:443": # LD_LIBRARY_PATH=/root/openssl/build gdb --args ./client-arg -connect "google.com:443" ...... (gdb) 91 if (BIO_do_connect(sbio) <= 0) { (gdb) 97 if (BIO_do_handshake(sbio) <= 0) { (gdb) p ssl->verify_result $1 = 18 The connection is successful, but the ssl->verify_result is 18, i.e., X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT. I am a little confused why OpenSSL reports google's certificate is "self-signed"? And it should be not. The following result is from "openssl s_client": # openssl s_client -connect google.com:443 CONNECTED(00000003) depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign verify return:1 depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1 verify return:1 depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com verify return:1 --- Certificate chain 0 s:C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com i:C = US, O = Google Trust Services, CN = GTS CA 1O1 1 s:C = US, O = Google Trust Services, CN = GTS CA 1O1 i:OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign --- Anyone can give some clues? Thanks very much in advance! Best Regards Nan Xiao