diff --git a/sm2/sm2.go b/sm2/sm2.go
index 549f3b6..a7a7286 100644
--- a/sm2/sm2.go
+++ b/sm2/sm2.go
@@ -578,7 +578,7 @@ func encodeSignature(r, s []byte) ([]byte, error) {
 // addASN1IntBytes encodes in ASN.1 a positive integer represented as
 // a big-endian byte slice with zero or more leading zeroes.
 func addASN1IntBytes(b *cryptobyte.Builder, bytes []byte) {
-	for len(bytes) > 1 && bytes[0] == 0 {
+	for len(bytes) > 0 && bytes[0] == 0 {
 		bytes = bytes[1:]
 	}
 	if len(bytes) == 0 {
diff --git a/smx509/verify.go b/smx509/verify.go
index 7d582c0..92c7c25 100644
--- a/smx509/verify.go
+++ b/smx509/verify.go
@@ -802,6 +802,10 @@ func (c *Certificate) buildChains(currentChain []*Certificate, sigChecks *int, o
 
 		err = candidate.isValid(certType, currentChain, opts)
 		if err != nil {
+			if hintErr == nil {
+				hintErr = err
+				hintCert = candidate
+			}
 			return
 		}