I know that we need
* ocsp responder cert for verifying the signature of ocsp response,
* CA issuer cert to generate CERTID for ocsp request
and
* ocsp requestor can choose to sign ocsp request using a signer certificate.
But instead of having users set that as 3 different settings, I am thinking of maybe
load these 3 different cert into the trust cert store, then later on loading these certs back via SSL_CTX_load_verify_locations().
But how I am not sure how to extract these into 3 files to pass to apis like
OCSP_cert_to_id to generate certID
OCSP_request_sign to sign request
and
OCSP_Basic_verify to also verify the response signature.
Any code examples out there that does the simialr hing?
