Asking the right questions. :-) This is based on mitmproxy, so upstream certificates should be verified by default. I haven't played around with Chomper, but we have extensive tests for this in mitmproxy.
To be clear, compared to browsers you do loose some advanced mechanisms such as HPKP, Certificate Transparency log enforcement, Extended Validation certs, or revocation checking. I don't want to downplay this, but I would argue that this is not too significant for the average user, whereas mitmproxy is often a substantial improvement over what other non-browser software is doing.
There are some websites which due to certificate pinning will not be properly filtered through the proxy (http://docs.mitmproxy.org/en/stable/certinstall.html#certifi...). For example, while Chomper is running, even if Dropbox is not on a blacklist, it probably will not properly sync. Eventually, I'll add the ability to make exceptions for these websites if desired.
It's been ad-hoc tested on my computer and on a fresh Linux installation. There's really no components right now worth unit testing, since it was really just a lot of configuration work. Once I start adding more complicated filter rules, I'll write formal unit tests.
To be clear, compared to browsers you do loose some advanced mechanisms such as HPKP, Certificate Transparency log enforcement, Extended Validation certs, or revocation checking. I don't want to downplay this, but I would argue that this is not too significant for the average user, whereas mitmproxy is often a substantial improvement over what other non-browser software is doing.