This repository has been archived by the owner on Nov 3, 2023. It is now read-only.

[BUG] error "invalid peer certificate: UnknownIssuer" for HTTPS profile without full-chain certification #903

Open
EraserKing opened this issue Nov 3, 2023 · 0 comments
Labels
bug Something isn't working

Comments

@EraserKing

Describe the bug
When importing a profile hosted on an HTTPS server using a non-full-chain certificate, it may fail with this error: "error trying to connect: invalid peer certificate contents: invalid peer certificate: UnknownIssuer;"

To Reproduce
Steps to reproduce the behavior:

  1. Issue a certificate with acme.sh, with the issuer being either Let's Encrypt or ZeroSSL (does not matter)
  2. Host an HTTPS site with nginx, with SSL enabled, and specify its cert (using the one without the intermediate CA, not the full-chain one) and private key
  3. Open anything on the site in a browser and confirm there is no error / warning about SSL
  4. Try to import the profile in Clash Verge

Expected behavior
The profile should be imported if it's a valid profile, or report some other error about the profile itself.
However, it reports the peer certificate issue and refuses to download the profile.

Only after changing the certificate configuration in nginx to use the full-chain certificate can this profile be imported.

Screenshots
N/A

Information

  • OS: Windows 11
  • Clash Verge Version: 1.3.8
  • Clash Core: N/A

Additional context
What I can confirm is that using the certificate w/o the intermediate CA is definitely valid - it would rely on the OS- or browser-provided root CA. The browser and Clash for Windows both accept such a certificate well.
I guess this is somehow related to reqwest, but I'm not familiar with that.

@EraserKing EraserKing added the bug Something isn't working label Nov 3, 2023
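
An added illustration, not part of the original issue or of the Clash Verge code: a client that trusts only a root CA and does not fetch missing intermediates itself can build a path to that root only when the server presents the intermediate. The script builds a constructed throwaway PKI and models the client with `openssl verify`; all names and file paths are placeholders.

```shell
#!/bin/sh
# Constructed throwaway PKI: root -> int (intermediate) -> leaf.
build_pki() {
    dir=$1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$dir/ca.ext"
    for n in root int leaf; do
        openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/$n.key" \
            -subj "/CN=Example $n" -out "$dir/$n.csr" 2>/dev/null || return 1
    done
    # Self-signed root, the only certificate the client will trust.
    openssl x509 -req -in "$dir/root.csr" -signkey "$dir/root.key" \
        -extfile "$dir/ca.ext" -days 1 -out "$dir/root.pem" 2>/dev/null || return 1
    # Intermediate CA signed by the root.
    openssl x509 -req -in "$dir/int.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -set_serial 2 -extfile "$dir/ca.ext" -days 1 -out "$dir/int.pem" 2>/dev/null || return 1
    # Leaf (server) certificate signed by the intermediate.
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/int.pem" -CAkey "$dir/int.key" \
        -set_serial 3 -days 1 -out "$dir/leaf.pem" 2>/dev/null || return 1
    # What a "full-chain" file contains: leaf first, then the intermediate.
    cat "$dir/leaf.pem" "$dir/int.pem" > "$dir/fullchain.pem"
}

# Model of a root-only client: $1 = trusted root, $2 = PEM file the server presents.
# The presented file is both the certificate to check (its first entry) and the
# only pool of untrusted certificates available for path building.
client_accepts() {
    openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    build_pki "$d" || { rm -rf "$d"; return 1; }
    for served in leaf.pem fullchain.pem; do
        if client_accepts "$d/root.pem" "$d/$served"; then
            echo "server presents $served: chain verifies"
        else
            echo "server presents $served: issuer not found"
        fi
    done
    rm -rf "$d"
}

demo
```

Clients that still accept the leaf-only configuration typically obtain the intermediate some other way, for example from a cache or by downloading it from the URL in the certificate's Authority Information Access extension.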