
TLS handshake fails with verify error #2286

Open
nothingwrongwiththisname opened this issue Feb 3, 2021 · 3 comments

Comments

@nothingwrongwiththisname

nothingwrongwiththisname commented Feb 3, 2021

After upgrading system libraries (including OpenSSL) and re-compiling RetroShare, previously unproblematic connections to friends all fail with the following error (no debugging enabled):

(Wed Feb  3 18:00:29 2021 Z: pqisslzone, lvl: 0): pqissl::SSL_Connection_Complete()
Issues with SSL Connect(-1)!
RetVal(-1) -> SSL Error: SSL_ERROR_SSL
         + ERR Error: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

pqissl::Extract_Failed_SSL_Certificate() FAILED Connection due to Security Issues
(Wed Feb  3 18:00:29 2021 Z: pqisslzone, lvl: 0): pqissl::Extract_Failed_SSL_Certificate() Peer Didnt Give Cert
pqissl::Extract_Failed_SSL_Certificate() ERROR Peer Didn't Give Us Certificate
(Wed Feb  3 18:00:29 2021 Z: pqisslzone, lvl: 0): pqissl::SSL_Connection_Complete() -> calling reset()

When looking at the network traffic, the TLS interaction is as follows:

No.	Time	Source	Destination	Protocol	Length	Info
1537	29.291590780	<me>	<friend>	TLSv1.2	339	Client Hello
1586	29.866800930	<friend>	<me>	TLSv1.2	2202	Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done
1588	29.892898417	<me>	<friend>	TLSv1.2	73	Alert (Level: Fatal, Description: Certificate Expired)

By the way, the certificate presented by the server has both notAfter and notBefore set to 1970-01-01 (for anonymization purposes, I think).
Could it be that the updated OpenSSL version changed some of the (internal) certificate verification handling routines?
The above friend (who is not having trouble connecting to other friends) is using OpenSSL 1.0.2n.

My RetroShare/system version info is as follows:

RetroShare Version: 0.6.5alpha
Arch Linux QT 5.15.2

libretroshare
 - bzip2: 1.0.8, 13-Jul-2019
 - OpenSSL: OpenSSL 1.1.1i  8 Dec 2020
 - SQLite: 3.31.0
 - SQLCipher: 4.4.2 community
 - UPnP (MiniUPnP): 2.1.20191224
 - Zlib: 1.2.11
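The capture above ends with the client sending a fatal "Certificate Expired" alert right after receiving a server certificate whose notBefore and notAfter are both 1970-01-01. The following is an added example, not code from this report or from RetroShare: it parses the DER Validity field of a certificate the way a verifier does (RFC 5280 UTCTime and GeneralizedTime rules, including the 1950/2049 century pivot), compares the window against the current time, and labels the outcome with OpenSSL's real X509_V_* result names. The DER sample is constructed inline to match the dates described in the report; with notAfter in 1970, any present-day clock lands after the window, so the check reports expiry.

```python
"""Minimal RFC 5280 Validity parser and time-window check (added example)."""
from datetime import datetime, timezone

UTC_TIME = 0x17
GENERALIZED_TIME = 0x18
SEQUENCE = 0x30

# Constructed sample: DER-encoded X.509 Validity SEQUENCE whose notBefore and
# notAfter are both 1970-01-01T00:00:00Z, mirroring the anonymised certificate
# described in the report. Layout:
#   30 1e                      SEQUENCE, 30 bytes of content
#     17 0d "700101000000Z"    UTCTime notBefore
#     17 0d "700101000000Z"    UTCTime notAfter
SAMPLE_VALIDITY_DER = (
    bytes.fromhex("301e")
    + b"\x17\x0d" + b"700101000000Z"
    + b"\x17\x0d" + b"700101000000Z"
)


def utc(*args):
    """Convenience constructor for an aware UTC datetime."""
    return datetime(*args, tzinfo=timezone.utc)


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_time(tag, value):
    """Decode a UTCTime or GeneralizedTime; RFC 5280 requires the trailing 'Z'."""
    s = value.decode("ascii")
    if tag == UTC_TIME:
        if len(s) != 13 or not s.endswith("Z"):
            raise ValueError("malformed UTCTime: %r" % s)
        yy = int(s[0:2])
        # RFC 5280 4.1.2.5.1: YY >= 50 means 19YY, YY < 50 means 20YY
        year = 1900 + yy if yy >= 50 else 2000 + yy
        rest = s[2:12]
    elif tag == GENERALIZED_TIME:
        if len(s) != 15 or not s.endswith("Z"):
            raise ValueError("malformed GeneralizedTime: %r" % s)
        year = int(s[0:4])
        rest = s[4:14]
    else:
        raise ValueError("unexpected time tag 0x%02x" % tag)
    month, day, hour, minute, second = [int(rest[i:i + 2]) for i in range(0, 10, 2)]
    return utc(year, month, day, hour, minute, second)


def parse_validity(der):
    """Return (notBefore, notAfter) from a DER Validity SEQUENCE."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != SEQUENCE:
        raise ValueError("Validity must be a SEQUENCE")
    t1, v1, pos = _read_tlv(body, 0)
    t2, v2, _ = _read_tlv(body, pos)
    return parse_time(t1, v1), parse_time(t2, v2)


def check_validity(der, now=None):
    """Classify the window as a verifier does. The return values are OpenSSL's
    X509_V_* result names, used here purely as labels for the outcome."""
    now = now or datetime.now(timezone.utc)
    not_before, not_after = parse_validity(der)
    if now < not_before:
        return "X509_V_ERR_CERT_NOT_YET_VALID"
    if now > not_after:
        return "X509_V_ERR_CERT_HAS_EXPIRED"
    return "X509_V_OK"


def encode_time(dt):
    """Encode a UTC datetime; RFC 5280 mandates UTCTime through 2049 and
    GeneralizedTime from 2050 onwards."""
    if 1950 <= dt.year <= 2049:
        return b"\x17\x0d" + dt.strftime("%y%m%d%H%M%SZ").encode("ascii")
    return b"\x18\x0f" + dt.strftime("%Y%m%d%H%M%SZ").encode("ascii")


def encode_validity(not_before, not_after):
    """Build a Validity SEQUENCE (short-form length; the body is under 128 bytes)."""
    body = encode_time(not_before) + encode_time(not_after)
    return bytes([SEQUENCE, len(body)]) + body


if __name__ == "__main__":
    print(parse_validity(SAMPLE_VALIDITY_DER))
    print(check_validity(SAMPLE_VALIDITY_DER))
```

Running the module prints the parsed 1970 window and X509_V_ERR_CERT_HAS_EXPIRED, which is the verifier-side condition behind the fatal alert in the capture. Pinning `now` to the epoch in `check_validity` is the only way the sample passes, which makes the point of the thread concrete: a peer certificate with such a window can only be accepted by a client that does not enforce the validity dates at all.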
@csoler
Contributor

csoler commented Feb 3, 2021

Debian had recently increased the security level of the handshake. RS master takes care of it, but it's not the case of 0.6.5. It's also possible that the "certificate expired" is a problem in your SSL libraries, which would be new as well.

@csoler
Contributor

csoler commented Feb 3, 2021

v1.1.1f works. What's changed with 1.1.1i?

@nothingwrongwiththisname
Author

I think I had been running my previous RetroShare build on v1.1.1h, so if the issue is with the OpenSSL library itself (and not some setting or something else related), it probably just came with 1.1.1i.
