Also if you're able to e.g. inject a deterministic random number generator into both libraries, you should be able to cross-check the crypto primitives.
Just create a server that spends all day and night throwing random inputs at the bleeding edge and released versions of all the libraries and see if they output the same values (i.e, either they are all equally broken or they all work).
Hm. I'll start looking into this if this could be turned into a general crypto/SSL/TSL-cross verification service. I'd need to wrap the various components of libraries into sandboxed REST-like webservices to enable more languages to take part and then I'd need some system to just generate semi-structured junk to throw at those implementations.
Just create a server that spends all day and night throwing random inputs at the bleeding edge and released versions of all the libraries and see if they output the same values (i.e, either they are all equally broken or they all work).