wolfSSL v5.0.0 adds a build option that configures wolfSSL with the alternate certificate chain feature enabled! By default, wolfSSL requires validation of all presented peer certificates. Alternate certificate chain mode only requires that the peer certificate validate to a trusted CA. The mode also allows loading intermediate Certificate Authorities (CAs) as trusted and ignoring no-signer failures for CAs up the chain to root.
The newly added build improvement allows the option --enable-altcertchains to be appended to the ./configure script to build the wolfSSL library with alternate certificate chain mode enabled.
More information on building wolfSSL can be found in the wolfSSL manual.
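The difference between the default and alternate chain modes described above, as an added example that is not wolfSSL code: a simplified model in which a certificate is only a subject/issuer pair and no signatures are checked. The function verify_chain, the trust store and all certificate names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model: a certificate is just a subject and an issuer name.
 * Signature checks, expiry and constraints are deliberately left out. */
typedef struct { const char *subject; const char *issuer; } Cert;
#define MAX_TRUSTED 16

static int is_trusted(const char *names[], int n, const char *name) {
    for (int i = 0; i < n; i++)
        if (strcmp(names[i], name) == 0) return 1;
    return 0;
}

/* chain[0] is the peer (leaf) certificate; chain[1..] are the CA
 * certificates the peer sent. Returns 1 to accept, 0 to reject. */
int verify_chain(const char *store[], int store_n,
                 const Cert chain[], int chain_n, int alt_chains) {
    const char *trusted[MAX_TRUSTED];
    int n = 0;
    if (chain_n < 1) return 0;
    for (int i = 0; i < store_n && n < MAX_TRUSTED; i++) trusted[n++] = store[i];

    /* Walk presented CAs from the top of the chain down to the leaf. */
    for (int i = chain_n - 1; i >= 1; i--) {
        if (is_trusted(trusted, n, chain[i].issuer)) {
            if (n < MAX_TRUSTED) trusted[n++] = chain[i].subject;
        } else if (!alt_chains) {
            return 0;   /* default: a "no signer" failure on any cert is fatal */
        }               /* alternate mode: skip it and keep going */
    }
    /* In both modes the peer certificate must chain to a trusted CA. */
    return is_trusted(trusted, n, chain[0].issuer);
}

/* Constructed sample data: only the intermediate is loaded as trusted. */
static const char *STORE[] = { "Example Intermediate CA" };
static const Cert CHAIN[] = {
    { "server.example.test",     "Example Intermediate CA" },
    { "Example Intermediate CA", "Example Root CA" },  /* root not loaded */
};
static const Cert ROGUE[] = {
    { "server.example.test", "Unknown CA" },
    { "Unknown CA",          "Unknown Root" },
};

int main(void) {
    printf("default=%d alternate=%d untrusted=%d\n",
           verify_chain(STORE, 1, CHAIN, 2, 0), verify_chain(STORE, 1, CHAIN, 2, 1),
           verify_chain(STORE, 1, ROGUE, 2, 1));
    return 0;
}
```

In this model the alternate mode still rejects a peer certificate whose issuer is not trusted, so the set of intermediates loaded as trusted becomes the effective trust boundary.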