It seems that OCSP_basic_verify(bs, certs, st, flags) unfortunately is
not documented, but from its code it becomes clear that the "certs"
parameter is meant to be a set of untrusted certificates, which is first
used (together with bs->certs) to determine the signer cert of the OCSP
response "bs"
> OCSP responses do not seem to include the intermediate certificates so they
> have to be acquired in other ways. I have been doing this and adding them
> to the certificate stack handed to OCSP_basic_verify().
Perhaps adding them to X509_STORE or STORE_CTX directly?
> I am relatively new to
