(no title)

BadTLS explicitly exists to test certs that you generally should not, but often do, run into in the wild. As a result, most software handles these in poor ways, with error messages that are unhelpful at best.

Writing tests that utilize a custom root doesn’t seem all that much work for a library supporting TLS.