This is a tiny bit evil because it uses parts of the SSL protocol analyzer in the X.509 certificate parser. That is the fault of the protocol, which replicates the functionality.