there can more than 1 intermediate certificates; support chain of up to 100 certificates as OpenSSL does
diff --git a/lib/openssl.c b/lib/openssl.c
index e210477..4a5b0e4 100644
--- a/lib/openssl.c
+++ b/lib/openssl.c
@@ -1239,7 +1239,7 @@
goto Exit;
}
X509_VERIFY_PARAM_set_purpose(params, is_server ? X509_PURPOSE_SSL_SERVER : X509_PURPOSE_SSL_CLIENT);
- X509_VERIFY_PARAM_set_depth(params, 1);
+ X509_VERIFY_PARAM_set_depth(params, 98); /* use the default of OpenSSL 1.0.2 and above; see `man SSL_CTX_set_verify` */
if (server_name != NULL) {
if (ptls_server_name_is_ipaddr(server_name)) {
X509_VERIFY_PARAM_set1_ip_asc(params, server_name);