Certificate chains are processed in the wrong direction, so reverse it. If no root certificates were provided the root element would always fail. This is no longer the case.
