Recently I got the same problems here. Normally if you have multiple
certificates with the same subject, OpenSSL will pick up the first one. As
Stephen said, OpenSSL will also check AKID/SKID, but only if both of them have
that extension available. Otherwise, it won't. Even the target certificat
Winsock.h file is included in dtls1.h, and also dtls1.h included in ssl.h,
without any conditions. This will make the project which use Windows socket
and openssl get a lot of compiling errors. Nowadays most people on Windows
use winsock2.h instead of winsock.h, by defining WIN32_MEAN_AND_LEAN, etc
