Several OCSP improvements

This MR solves two major pain points on the OpenSSL backend. We move on-line OCSP verification out of the openssl_revocation_check_fn callback, and we take into account stapled responses sent by the server and avoid sending OCSP requests for those (#578).

We are doing OCSP verification in the openssl_revocation_check_fn callback. This callback is not the best place to check OCSP because the peer's X.509 cert stack that we get there is incomplete, and cannot be fully trusted. Hence, we move OCSP checking to the end of the wget_ssl_open function, just after the TLS handshake has successfully completed. At that point we do have the full, verified, cert stack (can be obtained with SSL_get0_verified_chain).

In addition, the fact that the on-line OCSP checks for the certificates were being carried out after the handshake completed caused that any stapled OCSP response sent by the server was not taking into account (all certificates were being OCSP-checked regardless of there was a stapled response for any of them or not). This was also happening before, when we used the openssl_revocation_check_fn callback, because it was always called after the OCSP verification callback. Hence, we create a vector and store all the stapled OCSP responses we receive, and then, during on-line OCSP verification, we check if a stapled response exists for each certificate before contacting OCSP servers.

Approver's checklist:

• The author has submitted the FSF Copyright Assignment and is listed in AUTHORS
• There is a test suite reasonably covering new functionality or modifications
• Function naming, parameters, return values, types, etc., are consistent with existing code
• This feature/change has adequate documentation added (if appropriate)
• No obvious mistakes / misspelling in the code

libwget/ssl_openssl.c

@@ -1023,6 +1023,30 @@ bail:
 	return NULL;
 }
 
+static X509 *find_issuer_cert(const STACK_OF(X509) *certs, const X509 *subject, unsigned starting_idx)
+{
+	unsigned cert_chain_size;
+
+	/* Try with the next cert first */
+	X509 *candidate = sk_X509_value(certs, starting_idx + 1);
+	if (!candidate)
+		return NULL;
+	if (X509_check_issued(candidate, subject) == X509_V_OK)
+		return candidate;
+
+	/* Traverse the whole chain */
+	cert_chain_size = sk_X509_num(certs);
+	for (unsigned i = 0; i < cert_chain_size; i++) {
+		if (i == starting_idx)
+			continue;
+		candidate = sk_X509_value(certs, i);
+		if (X509_check_issued(candidate, subject) == X509_V_OK)
+			return candidate;
+	}
+
+	return NULL;
+}
+
 static int check_cert_chain_for_ocsp(STACK_OF(X509) *certs, X509_STORE *store, const char *hostname)
 {
 	wget_ocsp_stats_data stats;
@@ -1035,7 +1059,7 @@ static int check_cert_chain_for_ocsp(STACK_OF(X509) *certs, X509_STORE *store, c
 
 	for (unsigned i = 0; i < cert_list_size; i++) {
 		cert = sk_X509_value(certs, i);
-		issuer_cert = sk_X509_value(certs, i+1);
+		issuer_cert = find_issuer_cert(certs, cert, i);
 
 		if (!issuer_cert)
 			break;