not push CA, revert error code when being OpensslExtra mode

src/internal.c

@@ -19048,6 +19048,12 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
 #else
 
     int error = (int)e;
+#ifdef OPENSSL_EXTRA
+    /* OpenSSL uses positive error codes */
+    if (error > 0) {
+        error = -error;
+    }
+#endif
 
     /* pass to wolfCrypt */
     if (error < MAX_CODE_E && error > MIN_CODE_E) {

src/ssl.c

@@ -18791,11 +18791,8 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
         }
         ret = DecodeToX509(x509, ssl->session.chain.certs[i].buffer,
                              ssl->session.chain.certs[i].length);
-        if (ret == 0 && 
+#if !defined(WOLFSSL_QT)
-#if defined(WOLFSSL_QT)
+        if (ret == 0 && i == ssl->session.chain.count-1) {
-            ssl->options.side == WOLFSSL_CLIENT_END &&
-#endif
-            i == ssl->session.chain.count-1) {
             /* On the last element in the chain try to add the CA chain
              * first if we have one for this cert */
             if (pushCAx509Chain(ssl->ctx->cm, x509, sk)
@@ -18803,6 +18800,9 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
                 ret = WOLFSSL_FATAL_ERROR;
             }
         }
+#else
+        (void)pushCAx509Chain;
+#endif
 
         if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("Error decoding cert");