It was reported that X509_verify_cert() ignores the extended key usage extension of trust anchors. Only EKU extensions of intermediate and leaf certs are checked.
Quoting maintainer: "This is a known behaviour, that is already planned to be addressed in OpenSSL 1.1.0. In fact the EKU is only checked for certificates from the peer, and not those from the trust store, so if your CAfile or CApath contains intermediate certificates that get used to build the chain, those won't be checked either."
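The behaviour described above, as an added example that is not part of the original report and is not OpenSSL code: a simplified Python model of an EKU purpose check applied only to peer-supplied certificates versus one applied to every certificate in the built chain. The `Cert` class, the function names and the sample chain are constructed for illustration, and the model assumes that an absent EKU extension means "unrestricted".

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for a certificate; not an OpenSSL structure."""
    name: str
    eku: Optional[FrozenSet[str]]  # None = no EKU extension present
    from_trust_store: bool         # True if it came from CAfile/CApath


def eku_allows(cert: Cert, purpose: str) -> bool:
    # Simplifying assumption: no EKU extension means any purpose is allowed.
    return cert.eku is None or purpose in cert.eku


def eku_violations(chain: List[Cert], purpose: str,
                   include_trust_store: bool) -> List[str]:
    """Names of certificates whose EKU excludes `purpose`.

    include_trust_store=False models the reported behaviour: certificates
    taken from the trust store are never examined.
    """
    return [c.name for c in chain
            if (include_trust_store or not c.from_trust_store)
            and not eku_allows(c, purpose)]


def unenforced_restrictions(chain: List[Cert], purpose: str) -> List[str]:
    """EKU restrictions that exist in the chain but a peer-only check skips."""
    seen = set(eku_violations(chain, purpose, include_trust_store=False))
    return [n for n in eku_violations(chain, purpose, include_trust_store=True)
            if n not in seen]


def sample_chain() -> List[Cert]:
    # Constructed sample: leaf from the peer, the rest from the trust store.
    return [
        Cert("leaf", frozenset({"serverAuth"}), False),
        Cert("intermediate (from CAfile)", frozenset({"emailProtection"}), True),
        Cert("root (trust anchor)", frozenset({"emailProtection"}), True),
    ]


if __name__ == "__main__":
    chain = sample_chain()
    print("peer-only check :", eku_violations(chain, "serverAuth", False))
    print("whole-chain check:", eku_violations(chain, "serverAuth", True))
    print("unenforced       :", unenforced_restrictions(chain, "serverAuth"))
```
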
Created attachment 1127327 Proposed patch from upstream
Created attachment 1127328 Proposed patch from upstream
Created attachment 1127329 Master/mitaka patch Proposed patch from upstream //ignore "master/mitaka" name
Created attachment 1127330 Proposed patch from upstream
This patch was applied to upstream master branch to fix this issue: https://github.com/openssl/openssl/commit/33cc5dde478ba5ad79f8fd4acd8737f0e60e236e