Hi,
I am developing some stuff using WolfSSL and would like to confirm what I saw with you:
Our server had the CA chain; CA1->CA2->CA3->CA4, which CA1 is the root CA. CA1 signs CA2, CA2 signs CA3 and CA3 signs CA4.
When doing TLS handshaking, the server sends the CA chain to the client in the order CA4, CA3, CA2

So now it seems to be what behaves differently between WolfSSL and other crypto libraries including OpenSSL.
1. We had CA3 in the client as the trusted root.
2. Other crypto library such as OpenSSL searches the CA chain in the order it received from the server. So it starts with CA4 and found it was signed by CA3. Then CA3 is part of local trust root, the search ends there and verification is done.
3. But with WolfSSL, it seems it searches in the different order. It starts with CA2, and found nothing to verify it and fails the verification. To make it work, we would need to to have either CA2 or CA1 in our local CA store.

I just want to confirm with you that my observation is correct and it is expected behavior.
Thanks!