https server how to create a list of trusted certificates, Client always get unknown CA

Question

My system is Linux.

I try to create a tlsv1.2 https server with Openssl which need check client's certificate, but when Client tries to hands shake with Server, after Client sends Certificate to Server, Server will reply Unknown CA.enter image description here

I can confirm that it is the problem of the certificate, because I will SSL_CTX_set_verify(IEctx, SSL_VERIFY_PEER, NULL) After the comment is removed, the handshake can be completed.

Is it because the server does not trust this certificate?

Does the server set the trust certificate through SSL_CTX_set_client_CA_list()?

    init_openssl_library();
    SSL_load_error_strings();
    // build the SSL objects...
    const SSL_METHOD* method = TLS_server_method();
    SSLeay_add_ssl_algorithms();
    if (!(NULL != method)) fprintf(stderr, "SSL Method Error\n");

    IEctx = SSL_CTX_new(method);
    if (!(IEctx != NULL)) fprintf(stderr, "CXT New Error\n");
    SSL_CTX_set_cipher_list(IEctx, "ECDHE-ECDSA-AES128-CCM8");
    SSL_CTX_set_verify(IEctx, SSL_VERIFY_PEER, NULL);

    SSL_CTX_load_verify_locations(IEctx,"sat-root.crt",NULL);
    STACK_OF(X509_NAME)  *list;
    list = SSL_load_client_CA_file("Root.pem");
        
    if (list == NULL) {
        printf("Failed to load client CA file from \"Root.pem\"\n");
        //return -1;
    }
    SSL_CTX_set_client_CA_list(IEctx, SSL_load_client_CA_file("Root.pem"));
    SSL_CTX_use_certificate_file(IEctx, "sat-root.pem", SSL_FILETYPE_PEM);//root CA
    SSL_CTX_use_certificate_chain_file(IEctx, "sat-cli_mca-mica-dev_55937-13-1_56000020.pem");//Chain CA
    if (SSL_CTX_use_PrivateKey_file(IEctx, "sat-key_dev_55937-13-1_56000020.pem", SSL_FILETYPE_PEM) <= 0) {//Private Key
        ERR_print_errors_fp(stdout);
        return 1;
    }
    if (!SSL_CTX_check_private_key(IEctx)) {//Check Private key
        ERR_print_errors_fp(stdout);
        return 1;
    }
    if (!IEctx) {
        ERR_print_errors_fp(stderr);
    }
    IEssl = SSL_new(IEctx);
    SSL_set_fd(IEssl, listener);
    FD_SET(listener, &master);
    if (select(fdmax + 1, &read_fds, NULL, NULL, &tv) == -1) {
        perror("select");
        return 4;
    }
    for (int i = 0; i <= fdmax; i++) {
        if (FD_ISSET(i, &read_fds)) { // 我們找到一個！！
            DC_DEBUG_NL("we find one");
            if (i == listener) {
                DC_DEBUG_NL("i == listener");
                // handle new connections
                addrlen = sizeof remoteaddr;
                newfd = accept(listener, (struct sockaddr *)&remoteaddr, &addrlen);

                if (newfd == -1) {
                    perror("accept");
                } else {
                    DC_DEBUG_NL("add new fd");
                    SSL_set_fd(IEssl, newfd);  //新增到 master set
                    if (newfd > fdmax) {     //持續追蹤最大的 fd
                        fdmax = newfd;
                    }
                    int r = SSL_accept(IEssl);
                    if (r == 1){
                        DC_DEBUG_NL("scuess to accept");
                    }
                    nbytes = SSL_read(IEssl, IEEEBuf, sizeof(IEEEBuf) - 1);
                    DC_DEBUG_NL("IEEEBuf[nbytes]=%s", IEEEBuf);
                    string webpage = "/ntfy/0";
                    string RequestBody = "";
                    string SendstrPacket = "";
                    char chRequest[500];
                    SendstrPacket = https.TransToPacketFormat(P_IE2030, RequestBody, webpage, "", H_Create);
                    StrToChar(chRequest, SendstrPacket);
                    int result = SSL_write(IEssl, chRequest, strlen(chRequest));
                    if(result != -1){
                        DC_DEBUG_NL("scuess to write");
                    }
                }

            }