Multiple certificates in response

[dbrgn]

Does ocspbuilder already support multiple certificates in the response? To quote RFC 6960:

The response MUST include a SingleResponse for each certificate in the request.

[wbond]

No, currently the builder does not support multiple certificates. The ASN.1 definitions from asn1crypto.ocsp do, but the API for this builder would need to be augmented to support multiple certificates in a few places.

[andrea-f]

@dbrgn and @wbond (thanks for the repo :) I added multi cert response support to OCSPBuilder to conform with RFC6060, code is here: https://github.com/andrea-f/ocspbuilder, the tests in test_ocsp_response_builder.py are passing. I can't raise a PR but let me know what you think!!

For example a query consisting of:

$ openssl ocsp -issuer ./ca-cert.pem -cert ./1.pem -cert ./2.pem -cert ./3.pem -no_nonce -url http://localhost -noverify -header "Host" "localhost"

Yields:

./1.pem: good
	This Update: Nov 12 23:17:07 2018 GMT
	Next Update: Nov 19 23:17:07 2018 GMT
./2.pem: good
	This Update: Nov 12 23:17:07 2018 GMT
	Next Update: Nov 19 23:17:07 2018 GMT
./3.pem: good
	This Update: Nov 12 23:17:07 2018 GMT
	Next Update: Nov 19 23:17:07 2018 GMT