
Ability to specify certificate chain in OCSP response

Open johnae opened this issue 10 years ago • 0 comments

More specifically something like this (using a monkey patch atm):

module CertificateAuthority
  class OCSPResponseBuilder
    # snip
    def build_response(chain=nil)
      # snip
      @ocsp_response.sign(OpenSSL::X509::Certificate.new(@parent.to_pem), @parent.key_material.private_key, chain, nil) ## specifying chain here
      OpenSSL::OCSP::Response.create(OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, @ocsp_response)
    end
  end
end

This way I could get stunnel to do OCSP correctly. It's a shortcoming of stunnel, but it is valid to include the certificate chain of the OCSP and that gets around that shortcoming.

johnae, Aug 27 '13 17:08
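Added example, not part of the original issue or of the certificate_authority gem: it uses only Ruby's OpenSSL bindings to show what the `chain` argument to `sign` changes for a client that trusts just the root and supplies no extra certificates when verifying. The PKI is constructed on the fly, and `issue`, `signed_response_der`, `client_accepts?` and `demo` are hypothetical helper names.

```ruby
require "openssl"

# Constructed throwaway PKI: root (the client's only trust anchor) -> issuing CA -> leaf.
def issue(cn, key, serial, issuer = nil, issuer_key = key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true)) if ca
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

# Responder side: chain=nil makes Ruby set OCSP_NOCERTS (nothing embedded);
# an Array embeds the signer certificate followed by the given chain.
def signed_response_der(leaf, signer, signer_key, chain)
  cid = OpenSSL::OCSP::CertificateId.new(leaf, signer)
  basic = OpenSSL::OCSP::BasicResponse.new
  basic.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_GOOD, 0, nil, 0, 3600, [])
  basic.sign(signer, signer_key, chain, 0, "SHA256")
  OpenSSL::OCSP::Response.create(OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, basic).to_der
end

# Client side: trusts only the root and passes no extra certificates to verify,
# so the signer has to be found inside the response itself.
def client_accepts?(der, root)
  store = OpenSSL::X509::Store.new
  store.add_cert(root)
  OpenSSL::OCSP::Response.new(der).basic.verify([], store)
end

def demo
  root_key, ca_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root    = issue("Constructed Root", root_key, 1, ca: true)
  issuing = issue("Constructed Issuing CA", ca_key, 2, root, root_key, ca: true)
  leaf    = issue("leaf.example", leaf_key, 3, issuing, ca_key)
  { without_chain: client_accepts?(signed_response_der(leaf, issuing, ca_key, nil), root),
    with_chain:    client_accepts?(signed_response_der(leaf, issuing, ca_key, [root]), root) }
end

RESULT = demo
p RESULT
```

The response signed with `nil` is rejected because the verifier cannot locate the signer certificate, while the response signed with a chain carries the signer and verifies against the root alone.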