Send certificate chain matching accepted CAs
When performing TLS client authentication, the TLS RFCs state that the chain should not contain the issuer certificate referenced in certificate request message. Furthermore only certificates which match any of the referenced CAs may be used for the authentication.
For the special case where no issuer is referenced any certificate is acceptable for the server. The Root CA certificate is excluded in that case.