Add a few tests to exercise OCSP stapling, using an httptest.Server
acting as the OCSP responder.
These tests are very simplistic:
- a "good" OCSP response should be stapled
- a "revoked" OCSP response should not be stapled
- the DisableStapling option should be honored
- OCSP stapling requires an issuing certificate
No attempt is made to provide sensible timestamps, either in the test
certificates or in the OCSP responses.
This brings unit test coverage for ocsp.go from 21% to 70%.
Define an exported NoOCSPServerSpecified error, to make it easier to
distinguish the case that a certificate does not support OCSP (from
other OCSP stapling errors). Add a unit test exercising this behavior.