We have an OPNsense instance using a Samba AD instance for authentication, which requires LDAPS. For this purpose we imported the CA which signed the domain controller's certificates and configured OPNsense to use port 636 and SSL encrypted connections. This worked perfectly up to and including 21.7.3_3. Now, after updating to 21.7.4, contacting the domain controllers throws an error in the auth tester mentioning:
The following input errors were detected:
Authentication failed.
error: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (unable to get local issuer certificate)
ldap_error: Can't contact LDAP server
Checking System->Trust->Authorities, the necessary CA is still installed, marked as not being internal and not being trusted.
To Reproduce
Steps to reproduce the behavior:
1. Create an external self-signed root CA.
2. Install the CA on the OPNsense.
3. Use the CA to sign an SSL certificate for the LDAP server or domain controller.
4. Configure OPNsense to connect to the LDAP server using SSL.
5. Using the auth tester, the OPNsense shows the above-mentioned error message.
Expected behavior
Trust installed authorities or let the admin decide whether to trust the CA.
Describe alternatives you considered
Switching from SSL encrypted to plaintext connections to LDAP makes everything work again. But in comparison to the SSL setup, this is crude.
Environment
Software version used and hardware type if relevant, e.g.:
OPNsense 21.7.4 (amd64, OpenSSL).
Might be due to 5b9d7ba if the current certificate is an intermediate one. The new behaviour can be disabled in System->Settings->General (Store intermediate)
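Added example, not from the issue or from the OPNsense project: a local reproduction of the verify error from the report using a constructed lab PKI. It assumes, following the reply above, that the certificate signing the LDAP server certificate is an intermediate that is absent from the trust store, and that the server presents only its own certificate; all file names and common names are made up.

```shell
#!/bin/sh
# Constructed lab PKI (all names made up): root CA -> intermediate CA -> LDAPS server cert.
set -eu
work=$(mktemp -d)

new_csr() {  # $1 = file basename, $2 = common name
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null
}

build_pki() {
  printf 'basicConstraints=critical,CA:TRUE\n' > "$work/ca.ext"
  new_csr root "Lab Root CA"
  openssl x509 -req -in "$work/root.csr" -signkey "$work/root.key" \
    -extfile "$work/ca.ext" -days 2 -out "$work/root.pem" 2>/dev/null
  new_csr int "Lab Intermediate CA"
  openssl x509 -req -in "$work/int.csr" -CA "$work/root.pem" -CAkey "$work/root.key" \
    -CAcreateserial -extfile "$work/ca.ext" -days 2 -out "$work/int.pem" 2>/dev/null
  new_csr dc "dc1.lab.example"
  openssl x509 -req -in "$work/dc.csr" -CA "$work/int.pem" -CAkey "$work/int.key" \
    -CAcreateserial -days 2 -out "$work/dc.pem" 2>/dev/null
  cat "$work/root.pem" "$work/int.pem" > "$work/bundle.pem"
}

# A CA whose subject equals its issuer is a self-signed root; otherwise it is an intermediate.
ca_kind() {
  subj=$(openssl x509 -in "$1" -noout -subject); subj=${subj#*=}
  iss=$(openssl x509 -in "$1" -noout -issuer); iss=${iss#*=}
  if [ "$subj" = "$iss" ]; then echo root; else echo intermediate; fi
}

# Verify server cert $2 against trust store $1; print OK or the first OpenSSL error number.
verify_result() {
  out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
  code=$(printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
  echo "${code:-OK}"
}

build_pki
echo "root.pem: $(ca_kind "$work/root.pem") CA, int.pem: $(ca_kind "$work/int.pem") CA"
# Error 20 is "unable to get local issuer certificate", the message in the report.
echo "store = root only:           $(verify_result "$work/root.pem" "$work/dc.pem")"
echo "store = root + intermediate: $(verify_result "$work/bundle.pem" "$work/dc.pem")"
```

Running `ca_kind` on the CA file exported from System->Trust->Authorities shows whether the imported authority is really a self-signed root or an intermediate, which is the condition the reply asks about.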