tests: ocsptool: added test of --verify-response with --load-chain

This utilizes the provided chain to find the signer of the
OCSP response.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

5 files changed, 221 insertions, 1 deletions

diff --git a/tests/Makefile.am b/tests/Makefile.am
index 2aaab12059..ef09b69f8f 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -34,6 +34,8 @@ EXTRA_DIST = suppressions.valgrind eagain-common.h cert-common.h test-chains.h \
 	rsa-md5-collision/README safe-renegotiation/README starttls-smtp.txt starttls-ftp.txt \
 	starttls-lmtp.txt starttls-pop3.txt starttls-nntp.txt starttls-sieve.txt \
 	rsa-md5-collision/colliding-chain-md5-2.pem rsa-md5-collision/colliding-chain-md5-1.pem \
+	ocsp-tests/certs/ocsp-amazon.com.der ocsp-tests/certs/chain-amazon.com.pem \
+	ocsp-tests/certs/chain-amazon.com-unsorted.pem \
 	certs-interesting/README.md certs-interesting/cert1.der certs-interesting/cert1.der.err \
 	certs-interesting/cert2.der certs-interesting/cert2.der.err certs-interesting/cert3.der \
 	certs-interesting/cert3.der.err certs-interesting/cert4.der certs-interesting/cert5.der \
@@ -306,7 +308,7 @@ dist_check_SCRIPTS += fastopen.sh pkgconfig.sh starttls.sh starttls-ftp.sh start
 	starttls-lmtp.sh starttls-pop3.sh starttls-nntp.sh starttls-sieve.sh \
 	ocsp-tests/ocsp-tls-connection ocsp-tests/ocsp-must-staple-connection \
 	ocsp-tests/ocsp-test cipher-listings.sh sni-hostname.sh server-multi-keys.sh \
-	psktool.sh
+	psktool.sh ocsp-tests/ocsp-load-chain
 if ENABLE_DANE
 dist_check_SCRIPTS += danetool.sh
 endif
diff --git a/tests/ocsp-tests/certs/chain-amazon.com-unsorted.pem b/tests/ocsp-tests/certs/chain-amazon.com-unsorted.pem
new file mode 100644
index 0000000000..fc3818b49a
--- /dev/null
+++ b/tests/ocsp-tests/certs/chain-amazon.com-unsorted.pem
@@ -0,0 +1,90 @@
+-----BEGIN CERTIFICATE-----
+MIIGmzCCBYOgAwIBAgIQHUq9qnjQmv55nUG863p2YjANBgkqhkiG9w0BAQsFADB+
+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
+BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj
+IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE2MTAzMTAwMDAwMFoX
+DTE3MTIzMTIzNTk1OVowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0
+b24xEDAOBgNVBAcMB1NlYXR0bGUxGTAXBgNVBAoMEEFtYXpvbi5jb20sIEluYy4x
+FzAVBgNVBAMMDnd3dy5hbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAwlooZ3Wf+B8c1nTZj/14wCPIjyhcOV5ytEZQDbtftWixOxTpG2Sl
+k2GI1pztESpopBmbY/haM5YNWDYDHr01AQvzAqwsNyz5sX4rytkIEWI92DomKbvx
+QKry0m0Zuj9MzabZb2vHb0dbWwUl2yXn5nlfHJSfmD0TS3UFNaQzXExFnlKU/i7V
+omLEB/O9OtfJ0V2XZzbzOx3RfvTy5wmn4AxCC7nGRklNBKVa+npRl0zj+loyCaM+
+AF5YV9ZbURIuxYiZOW3u2a66VzYwCRa2EdtIbPALO/dSrFNAuaAhKqpFN0OB42d1
+6IWUOKiMiHDJL512YAJJBmfQPI7fVQtXJwIDAQABo4IDKTCCAyUwgdQGA1UdEQSB
+zDCByYIKYW1hem9uLmNvbYIIYW16bi5jb22CEXVlZGF0YS5hbWF6b24uY29tgg11
+cy5hbWF6b24uY29tgg53d3cuYW1hem9uLmNvbYIMd3d3LmFtem4uY29tghRjb3Jw
+b3JhdGUuYW1hem9uLmNvbYIRYnV5Ym94LmFtYXpvbi5jb22CEWlwaG9uZS5hbWF6
+b24uY29tgg15cC5hbWF6b24uY29tgg9ob21lLmFtYXpvbi5jb22CFW9yaWdpbi13
+d3cuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
+FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAj
+BggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIw
+GQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RD
+FIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNv
+bS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Mu
+c3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNy
+dDCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3AN3rHSt6DU+mIIuBrYFocH4ujp0B
+1VyIjT0RxM227L7MAAABWBifyfEAAAQDAEgwRgIhAOnxZYIIOlu0L1nvY3+yk8Ay
+gYzt3RsoZD1Wcs5Tl+W/AiEArj03tMyYoSa1I25zrqujXDQp5GnMXoI0MHAXINWc
+EV0AdwBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAVgYn8oaAAAE
+AwBIMEYCIQDRlQQ8KC2R/bvOeWJr0FGedxbjE4OglejZEYKSCHekRQIhALbGyJPw
+AagwlRnFD5iqE1ZzSTO6uadnKEazPJcW2sRnMA0GCSqGSIb3DQEBCwUAA4IBAQA6
+5KlsAxxtgfs05qV0ywTqM6qGzBkMIgJzJpCh9OR+X+STrfjphnLQlOwIuHxiF0oV
+phsf9oYW6TYQimBIKoFpP94WbG2ojsr39YJ6kiDhudt3ef24QnZ3AtnXM5OLVv46
+iwZst4TwdwO3/Ialn7ql3sVX7+13yscEXfwfMT0JI1yzl+vZ8tR6bc5X9HqwjuAD
+JelImPs/TxshDt3JRhbUuKcFxjaEcEtRqoGemgZgEpRnifUSBvnl01IVzb71DGWu
+Bpx0qrpruMAUU1lOJrg/rwQMSXC2lSZDiDn1cjK0z+XLi7x86N/7jW6zKh5RjSgr
+r6H7ZhiwtwpJzLsjT1CX
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL
+MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
+ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln
+biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
+U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
+aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp
+U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg
+SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln
+biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm
+GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve
+fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ
+aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj
+aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW
+kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC
+4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga
+FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA==
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ/zANBgkqhkiG9w0BAQsFADCB
+yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
+ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQsw
+CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
+BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENs
+YXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJb
+A3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid/sgN6nFMl6UgfRk/InSn4vnlW
+9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzu
+s3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8T
+L9ba4cYY9Z/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVK
+Fpd6UiFjdS8W+cRmvvW1Cdj/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0T
+AQH/BAgwBgEB/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2Iu
+Y29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEw
+HwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpg
+hkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20v
+Y3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkG
+A1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4E
+FgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnz
+Qzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxny
+H1mrWH5sJgUs+oHXXCMXIiw3k/eG7IXmsKP9H+IyqEVv4dn7ua/ScKAyQmW/hP4W
+Ko8/xabWo5N9Q+l0IZE1KPRj6S7t9/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtG
+QGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt/eV5E1PnXi8t
+TRttQBVSK/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTY
+Kvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A/yO0+MKcc=
+-----END CERTIFICATE-----
diff --git a/tests/ocsp-tests/certs/chain-amazon.com.pem b/tests/ocsp-tests/certs/chain-amazon.com.pem
new file mode 100644
index 0000000000..970f695ac3
--- /dev/null
+++ b/tests/ocsp-tests/certs/chain-amazon.com.pem
@@ -0,0 +1,68 @@
+-----BEGIN CERTIFICATE-----
+MIIGmzCCBYOgAwIBAgIQHUq9qnjQmv55nUG863p2YjANBgkqhkiG9w0BAQsFADB+
+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
+BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj
+IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE2MTAzMTAwMDAwMFoX
+DTE3MTIzMTIzNTk1OVowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0
+b24xEDAOBgNVBAcMB1NlYXR0bGUxGTAXBgNVBAoMEEFtYXpvbi5jb20sIEluYy4x
+FzAVBgNVBAMMDnd3dy5hbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAwlooZ3Wf+B8c1nTZj/14wCPIjyhcOV5ytEZQDbtftWixOxTpG2Sl
+k2GI1pztESpopBmbY/haM5YNWDYDHr01AQvzAqwsNyz5sX4rytkIEWI92DomKbvx
+QKry0m0Zuj9MzabZb2vHb0dbWwUl2yXn5nlfHJSfmD0TS3UFNaQzXExFnlKU/i7V
+omLEB/O9OtfJ0V2XZzbzOx3RfvTy5wmn4AxCC7nGRklNBKVa+npRl0zj+loyCaM+
+AF5YV9ZbURIuxYiZOW3u2a66VzYwCRa2EdtIbPALO/dSrFNAuaAhKqpFN0OB42d1
+6IWUOKiMiHDJL512YAJJBmfQPI7fVQtXJwIDAQABo4IDKTCCAyUwgdQGA1UdEQSB
+zDCByYIKYW1hem9uLmNvbYIIYW16bi5jb22CEXVlZGF0YS5hbWF6b24uY29tgg11
+cy5hbWF6b24uY29tgg53d3cuYW1hem9uLmNvbYIMd3d3LmFtem4uY29tghRjb3Jw
+b3JhdGUuYW1hem9uLmNvbYIRYnV5Ym94LmFtYXpvbi5jb22CEWlwaG9uZS5hbWF6
+b24uY29tgg15cC5hbWF6b24uY29tgg9ob21lLmFtYXpvbi5jb22CFW9yaWdpbi13
+d3cuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
+FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAj
+BggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIw
+GQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RD
+FIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNv
+bS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Mu
+c3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNy
+dDCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3AN3rHSt6DU+mIIuBrYFocH4ujp0B
+1VyIjT0RxM227L7MAAABWBifyfEAAAQDAEgwRgIhAOnxZYIIOlu0L1nvY3+yk8Ay
+gYzt3RsoZD1Wcs5Tl+W/AiEArj03tMyYoSa1I25zrqujXDQp5GnMXoI0MHAXINWc
+EV0AdwBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAVgYn8oaAAAE
+AwBIMEYCIQDRlQQ8KC2R/bvOeWJr0FGedxbjE4OglejZEYKSCHekRQIhALbGyJPw
+AagwlRnFD5iqE1ZzSTO6uadnKEazPJcW2sRnMA0GCSqGSIb3DQEBCwUAA4IBAQA6
+5KlsAxxtgfs05qV0ywTqM6qGzBkMIgJzJpCh9OR+X+STrfjphnLQlOwIuHxiF0oV
+phsf9oYW6TYQimBIKoFpP94WbG2ojsr39YJ6kiDhudt3ef24QnZ3AtnXM5OLVv46
+iwZst4TwdwO3/Ialn7ql3sVX7+13yscEXfwfMT0JI1yzl+vZ8tR6bc5X9HqwjuAD
+JelImPs/TxshDt3JRhbUuKcFxjaEcEtRqoGemgZgEpRnifUSBvnl01IVzb71DGWu
+Bpx0qrpruMAUU1lOJrg/rwQMSXC2lSZDiDn1cjK0z+XLi7x86N/7jW6zKh5RjSgr
+r6H7ZhiwtwpJzLsjT1CX
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ/zANBgkqhkiG9w0BAQsFADCB
+yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
+ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQsw
+CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
+BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENs
+YXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJb
+A3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid/sgN6nFMl6UgfRk/InSn4vnlW
+9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzu
+s3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8T
+L9ba4cYY9Z/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVK
+Fpd6UiFjdS8W+cRmvvW1Cdj/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0T
+AQH/BAgwBgEB/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2Iu
+Y29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEw
+HwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpg
+hkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20v
+Y3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkG
+A1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4E
+FgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnz
+Qzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxny
+H1mrWH5sJgUs+oHXXCMXIiw3k/eG7IXmsKP9H+IyqEVv4dn7ua/ScKAyQmW/hP4W
+Ko8/xabWo5N9Q+l0IZE1KPRj6S7t9/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtG
+QGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt/eV5E1PnXi8t
+TRttQBVSK/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTY
+Kvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A/yO0+MKcc=
+-----END CERTIFICATE-----
diff --git a/tests/ocsp-tests/certs/ocsp-amazon.com.der b/tests/ocsp-tests/certs/ocsp-amazon.com.der
new file mode 100644
index 0000000000..71f8f8f84d
--- /dev/null
+++ b/tests/ocsp-tests/certs/ocsp-amazon.com.der
diff --git a/tests/ocsp-tests/ocsp-load-chain b/tests/ocsp-tests/ocsp-load-chain
new file mode 100755
index 0000000000..88529a1138
--- /dev/null
+++ b/tests/ocsp-tests/ocsp-load-chain
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>
+
+#set -e
+
+srcdir="${srcdir:-.}"
+OCSPTOOL="${OCSPTOOL:-../src/ocsptool${EXEEXT}}"
+DIFF="${DIFF:-diff}"
+
+if ! test -x "${OCSPTOOL}"; then
+	exit 77
+fi
+
+export TZ="UTC"
+
+# Check for datefudge
+TSTAMP=`datefudge "2006-09-23" date -u +%s || true`
+if test "$TSTAMP" != "1158969600"; then
+	echo $TSTAMP
+	echo "You need datefudge to run this test"
+	exit 77
+fi
+
+datefudge -s "2017-06-19" \
+	"${OCSPTOOL}" -e --load-chain "${srcdir}/ocsp-tests/certs/chain-amazon.com.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-amazon.com.der" --verify-allow-broken
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 1 - Amazon OCSP response verification - failed"
+	exit ${rc}
+fi
+
+datefudge -s "2017-06-19" \
+	"${OCSPTOOL}" -e --load-chain "${srcdir}/ocsp-tests/certs/chain-amazon.com-unsorted.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-amazon.com.der" --verify-allow-broken
+rc=$?
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 1 - Amazon OCSP response verification - failed"
+	exit ${rc}
+fi
+
+exit 0