Imagine a certificate with an incomplete cert chain, where the remote URL for the missing intermediate cert is listed in the AIA extension, caIssuers field. SSLTest reports the missing cert as "Extra download". Not every client supports the field. Browsers are mostly fine, but the OpenSSL client doesn't.
You can check it with this command:
$ openssl s_client -showcerts -connect domain.com:443 </dev/null
Verify return code: 21 (unable to verify the first certificate)
SSLTest should warn about an unsuccessful handshake. This also affects a lot of other apps which use OpenSSL as a library. Maybe you could include some other TLS libraries in the Handshake simulation, like Go crypto.tls.
I guess you are just comparing client capabilities with the server instead of doing a real handshake simulation, so a possible fix is just to add a boolean field for whether the client supports this feature, and use it.
Thanks for the great tool anyway!
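
The failure described in the post can be reproduced offline with Go's crypto/x509. This is an added example, not part of the original post or of SSLTest: it verifies a leaf the way a client that does not fetch caIssuers would, once with the intermediate missing and once with it supplied. The certificate names, the `http://ca.example/intermediate.crt` URL and the helpers `issue`, `verify` and `demo` are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed test certificate; a nil parent means self-signed.
func issue(cn string, ca bool, aia []string, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), IsCA: ca,
		Subject: pkix.Name{CommonName: cn}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IssuingCertificateURL: aia} // encoded as AIA caIssuers URLs
	if parent == nil {
		parent, pkey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pkey)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint("issue ", cn, ": ", err, " ", perr))
	}
	return cert, key
}

// verify uses only the certificates in sent as intermediates (no AIA fetching).
func verify(leaf *x509.Certificate, roots, sent *x509.CertPool) (bool, []string) {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: sent})
	return err == nil, leaf.IssuingCertificateURL
}

// demo builds root -> intermediate -> leaf and verifies without and with the intermediate.
func demo() (bare bool, urls []string, full bool) {
	root, rk := issue("Constructed Root CA", true, nil, nil, nil)
	mid, mk := issue("Constructed Intermediate CA", true, nil, root, rk)
	leaf, _ := issue("domain.example", false, []string{"http://ca.example/intermediate.crt"}, mid, mk)
	roots, sent := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	sent.AddCert(mid)
	bare, urls = verify(leaf, roots, nil) // server sent only the leaf
	full, _ = verify(leaf, roots, sent)   // server sent leaf + intermediate
	return bare, urls, full
}

func main() { fmt.Println(demo()) }
```

The first result is false because the only path to the root runs through the intermediate named in caIssuers; the server-side fix is to send that intermediate in the handshake.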