This program makes an HTTPS connection to a server and reports the
certificates provided by the server.
The server can be a domain name or IP address,
optionally with a port number.
For example, "www.example.com" or "127.0.0.1" or "www.example.com:8000".
The server name is included in the TLS client hello message.
The program then analyses the extent to which the certificates were
signed using keys from browsers’ trusted roots,
using trusted root certificates distributed by
Apple, Mozilla, and Microsoft, as of June 2016.
Note: this program analyses
only signatures.
Correct signatures are a prerequisite to trust, but they don't imply
trust.
The program ignores other trust-related parts of the certificates,
and doesn’t even have access to browser-specific trust settings.
This version of the program does not check Elliptic Curve signatures.