centricular / glib-schannel

GLib GIO TLS backend using the Windows SChannel API

Send complete certificate chain #3

Open sdroege opened 7 years ago

sdroege commented 7 years ago

This currently is the remaining unit test failure.

It mostly concerns server connections, but probably is also a problem for client-side authentication via certificates. The problem here is that I don't know how to tell SChannel to send the complete chain; there seems to be no API for that available, and it does not do that by itself, even if the whole chain is together with the certificate in the key store.
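What the failing test is checking, and what the backend would have to do itself if SChannel will not assemble the chain from the store, is shown below as an added example (not code from glib-schannel or from the issue author). It models certificates as plain subject/issuer records with constructed names; the chain-building and chain-checking helpers, their names, and the sample store are all assumptions for illustration, and no signatures are verified, only issuer-to-subject linkage, which is the part a peer needs in order to find the next certificate in the chain.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for an X.509 certificate: only the names matter here.

    Constructed sample type; a real certificate would carry DER, a key and a
    signature, and a real check would verify that signature at each hop.
    """
    subject: str
    issuer: str

    @property
    def self_signed(self) -> bool:
        return self.subject == self.issuer


def build_chain(leaf: Cert, store: list[Cert], include_root: bool = False) -> list[Cert]:
    """Assemble the certificate list a TLS server should send.

    Walks from the leaf upward through the key store by matching each
    certificate's issuer to a stored certificate's subject.  Follows the
    TLS ordering: the end-entity certificate first, each following
    certificate certifying the one before it.  The self-signed root is
    omitted by default, since peers are expected to already trust it.
    Stops early (leaving the chain incomplete) if an intermediate is not
    in the store, and never revisits a subject, so a mis-issued loop
    cannot make this spin forever.
    """
    chain = [leaf]
    seen = {leaf.subject}
    current = leaf
    while not current.self_signed:
        parents = [c for c in store if c.subject == current.issuer and c.subject not in seen]
        if not parents:
            break  # intermediate missing from the store: nothing more we can send
        current = parents[0]
        seen.add(current.subject)
        if current.self_signed and not include_root:
            break
        chain.append(current)
    return chain


def verify_sent_chain(chain: list[Cert], trust_roots: set[Cert]) -> tuple[bool, str]:
    """Client-side view: can the received chain be linked up to a trusted root?

    Returns (ok, reason).  Fails if a certificate does not certify the one
    before it, or if the list ends before any certificate's issuer is one
    of the configured trust roots, which is exactly what a peer sees when
    the server sent only its leaf certificate.
    """
    if not chain:
        return False, "empty chain"
    roots_by_subject = {r.subject: r for r in trust_roots}
    for i, cert in enumerate(chain):
        if i > 0 and cert.subject != chain[i - 1].issuer:
            return False, f"certificate {i} ({cert.subject!r}) does not certify certificate {i - 1}"
        if cert.issuer in roots_by_subject:
            return True, f"chain reaches trusted root {cert.issuer!r}"
    return False, f"missing issuer {chain[-1].issuer!r}"


# Constructed sample key store: root -> intermediate -> server leaf, all present.
ROOT = Cert(subject="Example Root CA", issuer="Example Root CA")
INTERMEDIATE = Cert(subject="Example Intermediate CA", issuer="Example Root CA")
LEAF = Cert(subject="server.example.test", issuer="Example Intermediate CA")
STORE = [LEAF, INTERMEDIATE, ROOT]


if __name__ == "__main__":
    # What a backend that only sends the leaf (the behaviour described in the
    # issue) looks like to a client that trusts ROOT:
    print(verify_sent_chain([LEAF], {ROOT}))
    # What the unit test expects: leaf plus intermediate, root omitted.
    sent = build_chain(LEAF, STORE)
    print([c.subject for c in sent])
    print(verify_sent_chain(sent, {ROOT}))
```

The same `verify_sent_chain` check applied to a real handshake would be the test for this issue: capture the certificate list the server actually sent and confirm it links up to the configured root without any gap.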

danwinship commented 6 years ago

> but probably is also a problem for client-side authentication via certificates

Probably not actually; clients want to be able to process any server cert, and sometimes they'll need the full chain to be able to do that. But servers are only interested in processing client certs from clients that they know about, and if they get a cert that isn't signed by the expected CA, they'll just reject it immediately.