Hi Isabelle,
https://datatracker.ietf.org/doc/html/r … tion-4.4.2 has the following paragraph:
Note: Prior to TLS 1.3, "certificate_list" ordering required each
certificate to certify the one immediately preceding it; however,
some implementations allowed some flexibility. Servers sometimes
send both a current and deprecated intermediate for transitional
purposes, and others are simply configured incorrectly, but these
cases can nonetheless be validated properly. For maximum
compatibility, all implementations SHOULD be prepared to handle
potentially extraneous certificates and arbitrary orderings from any
TLS version, with the exception of the end-entity certificate which
MUST be first.
Without WOLFSSL_ALT_CERT_CHAINS we expect the proper ordering and no extra certificates. With WOLFSSL_ALT_CERT_CHAINS we follow the guidance above.
Warm regards, Anthony
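The two behaviours Anthony describes, shown side by side as an added example (this is illustrative Go written for this page, not wolfSSL code, and it does not reproduce wolfSSL's verifier). It constructs the exact situation in the RFC note: a root, a current and a deprecated intermediate that share a subject name, and a leaf issued by the current one. strictChain is the pre-TLS 1.3 reading (each certificate signed by the next, nothing extra); flexibleChain keeps only the "end-entity MUST be first" rule and treats everything after it as an unordered pool. The names, serials and hostname "www.example.test" are assumptions made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// mustCert issues a throwaway P-256 certificate for cn. With parent == nil it is
// self-signed (a root); otherwise parent/parentKey sign it. Constructed for this example.
func mustCert(cn string, isCA bool, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{cn}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	signer, signKey := parent, parentKey
	if parent == nil {
		signer, signKey = tmpl, key // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// scenario: one root, a current and a deprecated intermediate with the same subject
// name (the "transitional" case from the RFC note), and a leaf issued by the current one.
type scenario struct {
	root, current, deprecated, leaf *x509.Certificate
}

func buildScenario() scenario {
	root, rootKey := mustCert("Example Root CA", true, 1, nil, nil)
	current, curKey := mustCert("Example Intermediate CA", true, 2, root, rootKey)
	deprecated, _ := mustCert("Example Intermediate CA", true, 3, root, rootKey)
	leaf, _ := mustCert("www.example.test", false, 4, current, curKey)
	return scenario{root, current, deprecated, leaf}
}

// strictChain is the pre-TLS 1.3 reading of certificate_list: entry i must be signed
// by entry i+1, nothing may be skipped, and the last entry must be signed by the root.
func strictChain(list []*x509.Certificate, root *x509.Certificate) error {
	if len(list) == 0 {
		return errors.New("empty certificate_list")
	}
	for i := 0; i+1 < len(list); i++ {
		if err := list[i].CheckSignatureFrom(list[i+1]); err != nil {
			return fmt.Errorf("certificate_list[%d] not signed by certificate_list[%d]: %w", i, i+1, err)
		}
	}
	if err := list[len(list)-1].CheckSignatureFrom(root); err != nil {
		return fmt.Errorf("last certificate not signed by trusted root: %w", err)
	}
	return nil
}

// flexibleChain follows the RFC 8446 note: only the end-entity's position (first) is
// fixed; the rest is an unordered pool of candidate issuers, and entries that are not
// needed for the path are left unused. Go's chain builder tries every pool entry whose
// subject matches the issuer it is looking for, so the deprecated twin is skipped.
func flexibleChain(list []*x509.Certificate, root *x509.Certificate, hostname string) error {
	if len(list) == 0 {
		return errors.New("empty certificate_list")
	}
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range list[1:] {
		inters.AddCert(c)
	}
	_, err := list[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: hostname})
	return err
}

func main() {
	s := buildScenario()
	// Leaf first, then the deprecated intermediate, then the one that really issued the leaf.
	sent := []*x509.Certificate{s.leaf, s.deprecated, s.current}
	fmt.Println("strict:  ", strictChain(sent, s.root))
	fmt.Println("flexible:", flexibleChain(sent, s.root, "www.example.test"))
}
```

Run it and the strict check fails at certificate_list[0] (the leaf was not signed by the deprecated twin that follows it), while the flexible check builds leaf -> current -> root and ignores the extra certificate. Note that even the flexible mode keeps the one ordering rule the RFC retains: if the end-entity is not first, verification of list[0] fails on the hostname check, because the intermediate carries no SAN for the requested name.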