> On 3 Oct 2021, at 12:33 pm, Alex Robuchon <alexandre.robuchon@xxxxxxxxx> wrote:
>
> So I suppose openssl skips the part that is supposed to build the chain when no store is configured.

Not quite, a candidate chain is constructed from whatever certificates the peer (server in your case) provided, and then passed to the callback with "preverify_ok" set to false (for the top certificate), because the chain is not trusted.

But the eventmachine callback ignores "preverify_ok" and goes through the motions of doing some sort of verification of each certificate. Ultimately, it will attempt to "verify" the leaf certificate, and if it can somehow do a fair job of that (by building its own chain, checking all the signatures, doing the name checks (for a name that does not appear to be passed to the verification function)), then in theory the checks at depths above 0 are just silly opportunities to fail and the EE cert check would be enough.

But given all the evidence before me, I'd want to delete that code and never see it again.

-- 
Viktor.
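The behaviour described in the reply above, shown as an added example that is not part of the original thread and is not EventMachine's code. It drives OpenSSL's X509_verify_cert through Ruby's OpenSSL::X509::StoreContext instead of a live TLS handshake, using a constructed self-signed CA and leaf (not real certificates). Two verify callbacks are compared: a hypothetical one that ignores preverify_ok and always returns true, and one that simply returns preverify_ok. With no trust store, OpenSSL still builds a candidate chain from the supplied certificates and reports preverify_ok = false for the top (self-signed) certificate; the callback that ignores it makes the untrusted chain verify as trusted.

```ruby
require "openssl"

# Constructed test PKI (not real certificates): a self-signed CA and a leaf it issued.
def make_cert(subject, key, issuer: nil, ca: false)
  issuer_cert, issuer_key = issuer || [nil, nil]
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..(2**31))
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

CA_KEY = OpenSSL::PKey::RSA.generate(2048)
CA_CERT = make_cert("/CN=Constructed Test CA", CA_KEY, ca: true)
LEAF_KEY = OpenSSL::PKey::RSA.generate(2048)
LEAF_CERT = make_cert("/CN=server.example.test", LEAF_KEY, issuer: [CA_CERT, CA_KEY])

# Hypothetical dangerous callback: ignores preverify_ok and accepts every depth,
# so OpenSSL's own "chain is not trusted" verdict is overridden.
PERMISSIVE = proc { |_preverify_ok, _store_ctx| true }

# Correct callback: hand OpenSSL's verdict straight back.
STRICT = proc { |preverify_ok, _store_ctx| preverify_ok }

# Run X509_verify_cert over leaf + untrusted chain under the given store and
# callback, recording every callback invocation (depth, preverify_ok, error).
def verify_with(store, callback, leaf, untrusted)
  events = []
  store.verify_callback = proc do |ok, store_ctx|
    events << { depth: store_ctx.error_depth, ok: ok, error: store_ctx.error,
                subject: store_ctx.current_cert&.subject&.to_s }
    callback.call(ok, store_ctx)
  end
  ctx = OpenSSL::X509::StoreContext.new(store, leaf, untrusted)
  result = ctx.verify
  { result: result, error: ctx.error, error_string: ctx.error_string, events: events }
end

def demo
  # Case 1: no trust store configured (the scenario in the thread). OpenSSL still
  # builds the chain leaf -> CA from the supplied certificates and calls the
  # callback with preverify_ok = false for the top certificate (depth 1).
  strict_untrusted = verify_with(OpenSSL::X509::Store.new, STRICT, LEAF_CERT, [CA_CERT])
  permissive_untrusted = verify_with(OpenSSL::X509::Store.new, PERMISSIVE, LEAF_CERT, [CA_CERT])

  # Case 2: the CA is trusted, so the strict callback now sees only preverify_ok = true.
  trusted = OpenSSL::X509::Store.new
  trusted.add_cert(CA_CERT)
  strict_trusted = verify_with(trusted, STRICT, LEAF_CERT, [CA_CERT])

  { strict_untrusted: strict_untrusted,
    permissive_untrusted: permissive_untrusted,
    strict_trusted: strict_trusted }
end

if __FILE__ == $0
  demo.each do |name, r|
    puts "#{name}: result=#{r[:result]} error=#{r[:error_string]}"
    r[:events].each { |e| puts "  depth=#{e[:depth]} preverify_ok=#{e[:ok]} #{e[:subject]}" }
  end
end
```

Note that Ruby's binding treats any callback return other than exactly true as rejection, and when the callback returns true for a certificate OpenSSL flagged, the recorded error is cleared and verification continues; that is why the permissive callback turns an untrusted chain into a successful verification.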