Check all OCSP responses
Description of problem:
Currently gnutls-cli fails to verify a server certificate that openssl s_client does verify. Based on the openssl output, the relevant OCSP response is the 19th out of 20 responses. In https://gitlab.com/gnutls/gnutls/-/blob/master/lib/cert-session.c#L284 it seems that gnutls only checks the first OCSP response. gnutls output:
|<3>| ASSERT: ../../../lib/x509/ocsp.c[gnutls_ocsp_resp_check_crt]:1414
|<3>| ASSERT: ../../lib/cert-session.c[check_ocsp_response]:286
|<1>| Got OCSP response with an unrelated certificate.
|<3>| ASSERT: ../../lib/ocsp-api.c[gnutls_ocsp_status_request_get2]:98
|<3>| ASSERT: ../../../lib/x509/name_constraints.c[gnutls_x509_crt_get_name_constraints]:470
|<3>| ASSERT: ../../../lib/x509/name_constraints.c[gnutls_x509_crt_get_name_constraints]:470
- Status: The certificate is NOT trusted. The received OCSP status response is invalid.
*** PKI verification of server certificate failed...
|<3>| ASSERT: ../../lib/handshake.c[_gnutls_run_verify_callback]:3000
|<3>| ASSERT: ../../lib/handshake.c[handshake_client]:3119
*** Fatal error: Error in the certificate.
The message "Got OCSP response with an unrelated certificate." is correct as 19 unrelated responses were received. That should not preclude verifying the one valid response.
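To make the expected behaviour concrete, here is an added example (not gnutls code, and not taken from the issue) that models the two strategies side by side on the scenario above: 20 stapled responses of which only the 19th covers the server certificate. The `ocsp_response` struct, the serial string `1A2B3C`, the `check_first_only`/`check_all` functions and the `scenario_*` helpers are constructed stand-ins; `response_matches` plays the role that `gnutls_ocsp_resp_check_crt` plays in the real library.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Minimal model of a stapled OCSP response. Constructed types for
 * illustration, not gnutls' gnutls_ocsp_resp_t. */
typedef enum { OCSP_GOOD = 0, OCSP_REVOKED = 1, OCSP_UNKNOWN = 2 } ocsp_cert_status;

typedef struct {
    const char *serial;       /* serial of the certificate the response covers */
    ocsp_cert_status status;
} ocsp_response;

typedef enum {
    VERIFY_OK = 0,
    VERIFY_UNRELATED = -1,    /* no response covers the certificate being checked */
    VERIFY_REVOKED = -2,
    VERIFY_UNKNOWN = -3
} verify_result;

/* Stand-in for gnutls_ocsp_resp_check_crt(): does this response cover the cert? */
static bool response_matches(const ocsp_response *r, const char *cert_serial)
{
    return strcmp(r->serial, cert_serial) == 0;
}

static verify_result status_to_result(ocsp_cert_status s)
{
    switch (s) {
    case OCSP_GOOD:    return VERIFY_OK;
    case OCSP_REVOKED: return VERIFY_REVOKED;
    default:           return VERIFY_UNKNOWN;
    }
}

/* Behaviour the report describes: only index 0 is examined, so an unrelated
 * response in first position fails verification outright. */
verify_result check_first_only(const char *cert_serial, const ocsp_response *resps, size_t n)
{
    if (n == 0 || !response_matches(&resps[0], cert_serial))
        return VERIFY_UNRELATED;
    return status_to_result(resps[0].status);
}

/* Expected behaviour: walk every response and skip the unrelated ones. A
 * revoked verdict from any related response wins over a good one, so a
 * revocation cannot be hidden behind a more favourable response. */
verify_result check_all(const char *cert_serial, const ocsp_response *resps, size_t n)
{
    verify_result first_related = VERIFY_UNRELATED;
    for (size_t i = 0; i < n; i++) {
        if (!response_matches(&resps[i], cert_serial))
            continue;                         /* unrelated: skip, do not fail */
        verify_result r = status_to_result(resps[i].status);
        if (r == VERIFY_REVOKED)
            return VERIFY_REVOKED;            /* most conservative answer */
        if (first_related == VERIFY_UNRELATED)
            first_related = r;
    }
    return first_related;
}

/* Constructed scenario from the report: 20 stapled responses, only the 19th
 * (index 18) covers the server certificate. Serial values are made up. */
#define NRESP 20
static const char *CERT_SERIAL = "1A2B3C";

static void build_scenario(ocsp_response out[NRESP], ocsp_cert_status related_status)
{
    for (size_t i = 0; i < NRESP; i++) {
        out[i].serial = "UNRELATED";
        out[i].status = OCSP_GOOD;
    }
    out[18].serial = CERT_SERIAL;
    out[18].status = related_status;
}

verify_result scenario_first_only(void)
{
    ocsp_response r[NRESP];
    build_scenario(r, OCSP_GOOD);
    return check_first_only(CERT_SERIAL, r, NRESP);   /* VERIFY_UNRELATED */
}

verify_result scenario_check_all(void)
{
    ocsp_response r[NRESP];
    build_scenario(r, OCSP_GOOD);
    return check_all(CERT_SERIAL, r, NRESP);          /* VERIFY_OK */
}

verify_result scenario_revoked(void)
{
    ocsp_response r[NRESP];
    build_scenario(r, OCSP_REVOKED);
    return check_all(CERT_SERIAL, r, NRESP);          /* VERIFY_REVOKED */
}

int main(void)
{
    printf("first-only: %d  check-all: %d  revoked: %d\n",
           scenario_first_only(), scenario_check_all(), scenario_revoked());
    return 0;
}
```

The point of `check_all` is that an unrelated response is a reason to keep looking, not a reason to fail; only when no response covers the certificate at all should the status be reported as unrelated. Letting a revoked verdict override a later good one is a design choice made here for conservatism and is not something the issue specifies.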
Version of gnutls used:
3.7.3
Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubuntu
How reproducible:
100% reproducible for the particular site.
Steps to Reproduce:
- Find a server that includes OCSP responses for many unrelated certificates along with the correct response, and make sure the correct response is not first in the list. Say example.com.
- gnutls-cli example.com
- Observe that certificate verification fails.
Actual results:
See description.
Expected results:
gnutls checks all OCSP responses before deciding that the OCSP status response is invalid.