The code has made some allowances for supporting the real word certificates.

Notably there are some hacks for recognizing invalid DER encodings (like specifying DEFAULT values), incorrect RSA SignatureAlgorithm encodings, and more.

Each of these deviations should be:
* Documented
* Wired up to the error/warning mechanism ( issue 634443 )

In the future we would like to whittle down these hacks, so important they be identified.