https://www.youtube.com/watch?t=41&v=XsLFLzx4Nq4 Summary (tldr:):
Ashwini Oruganti - Introduction to HTTPS: A Comedy of Errors
Sadly, no sound till 4:17, but a good talk none the less.
So the TLDR bit - Don't trust anyone (or their code)...
Second postulate - Trust, but verify.