I know that we need * ocsp responder cert for verifying the signature of ocsp response, * CA issuer cert to generate CERTID for ocsp request and * ocsp requestor can choose to sign ocsp request using a signer certificate.
But instead of having users set that as 3 different settings, I am thinking of maybe load these 3 different cert into the trust cert store, then later on loading these certs back via SSL_CTX_load_verify_locations(). But how I am not sure how to extract these into 3 files to pass to apis like OCSP_cert_to_id to generate certID OCSP_request_sign to sign request and OCSP_Basic_verify to also verify the response signature. Any code examples out there that does the simialr hing?