df5854986c
instead of rejecting any non-leaf certificate not pre-validated by OpenSSL, treat them as valid but keep track of the fact that the pre-validation result is no logner trustable. certificate chains completely trusted by openssl are still accepted like before, and leaf certificates without a chain are also handled the same (since the verify callback is only ever called with depth == 0 in that case). Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>