This hopefully alleviates the fact that the name is unclear/misleading.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13735)
# define X509_TRUST_NO_SS_COMPAT (1U << 2)
/* Compat trust if no explicit accepted trust EKUs */
# define X509_TRUST_DO_SS_COMPAT (1U << 3)
-/* Accept "anyEKU" as a wildcard trust OID */
+/* Accept "anyEKU" as a wildcard rejection OID and as a wildcard trust OID */
# define X509_TRUST_OK_ANY_EKU (1U << 4)
/* check_trust return codes */