Then you're likely in the top 10 experts of the field ;)
The fact that OpenSSL did it wrong for 15 years doesn't bode well for the myriads of TLS implementations that are around.
My experience with the x509 part of SSL/TLS stacks is really not good when you start to use something else than OpenSSL/NSS (well PolarSSL is pretty good too). Quite often there is enough implemented to interoperate in the common use cases, but you're on your own if you need a complete standard support... Then it has been a while, maybe it's a lot better now.
Speaking from personal experience, writing code to correctly validate x509 certificates isn't as hard as it looks.