During certificate verification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails, unless the application explicitly specifies X509_V_FLAG_NO_ALT_CHAINS.
An error in the implementation of this logic could erroneously mark certificate as trusted when they should not.
