OCSP_basic_verify does not work with OpenSSL 1.1.1
tatsuhiro-t opened this issue · comments
There are 2 issues I found with OCSP.
- When neverbleed is enabled, OCSP_basic_verify fails with an RSA key because the RSA object has a NULL bn_mod_exp. This can be fixed by just assigning the default function to the field. But I propose to use RSA_meth_dup first, and then override the custom functions instead.
- If an optional certificate is attached to the OCSP response, priv_rsa_finish or priv_ecdsa_finish is called when OCSP_BASICRESP_free is called. In that function chain, we end up calling RSA_get_ex_data or EC_KEY_get_ex_data, but since we don't set its associated data, it fails and we hit dief.
One possible workaround is to not call dief if we cannot get any data from these functions, and just do nothing, without communicating with the daemon process. What do you think?
Issue 1 is new to OpenSSL 1.1.1.
I don't know whether Issue 2 happens with older OpenSSL. I just found it while debugging Issue 1.
Thank you for noticing, diagnosing, reporting, and fixing the issue.
#23, which fixes the 1st issue, has been merged. Are you aware of a method for reproducing the 2nd issue?
You can create an OCSP response using the openssl ocsp utility and include a certificate in it.

Create OCSP request:

```sh
openssl ocsp -issuer CA.crt -cert server.crt -reqout req.der
```

Create OCSP response:

```sh
openssl ocsp -index index.txt -rsigner CA.crt -rkey CA.key -CA CA.crt -reqin req.der -respout resp.der
```

Syntax of index.txt (tab delimited text file):

- Status: V = verified, R = revoked, E = expired
- YYMMDDhhmmddZ: expiration date of certificate
- YYMMDDhhmmddZ: revoked date (empty if it has not been revoked)
- Serial: serial number of certificate in hex (alphabet must be upper cased)
- Path to certificate: just write `unknown`
- Subject: /X=Z... style

Describe OCSP response:

```sh
openssl ocsp -respin resp.der -text
```
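The reproduction recipe above, scripted end to end as an added example (this is not code from the issue thread or from neverbleed): it builds a throwaway CA and server certificate, writes the tab-delimited index.txt, produces req.der and resp.der, counts the certificates embedded in the response, and verifies the response against the CA. It assumes the openssl CLI (1.1.1 or 3.x) is installed and that a default openssl.cnf is available for `openssl req`; the CA and server names, the working directory and the fixed expiry column are assumptions made for this script.

```shell
#!/bin/sh
# Added example, not part of the issue thread: script the OCSP fixture with
# the openssl CLI. Assumes openssl 1.1.1 or 3.x; names below are made up.
set -eu

# Build CA.crt/CA.key, server.crt, index.txt, req.der and resp.der under $1.
build_ocsp_fixture() (
    mkdir -p "$1" && cd "$1"

    # Throwaway CA; it also acts as the OCSP responder (-rsigner/-rkey).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj /CN=Example-Test-CA -keyout CA.key -out CA.crt 2>/dev/null
    # Server certificate issued by that CA.
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj /CN=server.example -keyout server.key -out server.csr 2>/dev/null
    openssl x509 -req -in server.csr -CA CA.crt -CAkey CA.key -CAcreateserial \
        -days 365 -out server.crt 2>/dev/null

    # index.txt row, tab delimited: status, expiry, revocation date (empty),
    # serial in upper-case hex, "unknown" for the path, subject.
    # openssl ocsp finds the row by the serial column, so copy it from the
    # certificate; the expiry is a fixed placeholder (assumption).
    serial=$(openssl x509 -in server.crt -noout -serial | cut -d= -f2 | tr 'a-f' 'A-F')
    printf 'V\t300101000000Z\t\t%s\tunknown\t/CN=server.example\n' "$serial" > index.txt

    # Request (no nonce, see verify_response), then a response signed by the
    # CA. Without -resp_no_certs the signer certificate is embedded in the
    # response: that is the optional certificate the second issue is about.
    openssl ocsp -no_nonce -issuer CA.crt -cert server.crt -reqout req.der >/dev/null
    openssl ocsp -index index.txt -rsigner CA.crt -rkey CA.key -CA CA.crt \
        -reqin req.der -respout resp.der >/dev/null
)

# Count the certificates embedded in a DER response: "openssl ocsp -text"
# prints each one as a top-level "Certificate:" block after the signature.
embedded_cert_count() {
    openssl ocsp -respin "$1" -text -noverify 2>/dev/null | grep -c '^Certificate:'
}

# Verify the response in $1 against the CA and check the status of server.crt.
# -no_nonce matters: rebuilding the request from -issuer/-cert would otherwise
# attach a fresh nonce and openssl ocsp would report "Nonce Verify error".
# Succeeds only when OCSP_basic_verify passes ("Response verify OK") and the
# status looked up from index.txt is "good".
verify_response() (
    cd "$1"
    out=$(openssl ocsp -no_nonce -respin resp.der -CAfile CA.crt \
          -issuer CA.crt -cert server.crt 2>&1 || true)
    printf '%s\n' "$out" | grep -q 'Response verify OK' &&
        printf '%s\n' "$out" | grep -q '^server.crt: good'
)

# Usage: sh ocsp-fixture.sh /some/workdir
if [ "${1:-}" != "" ]; then
    build_ocsp_fixture "$1"
    echo "embedded certificates: $(embedded_cert_count "$1/resp.der")"
    verify_response "$1" && echo "response verified, server.crt is good"
fi
```

Run it as `sh ocsp-fixture.sh /tmp/ocsp-test`; the resulting `resp.der` carries the CA certificate as the responder certificate, which is what exercises the `OCSP_BASICRESP_free` path described earlier in the thread. Changing `V` to `R` and filling the revocation column in `index.txt` turns the status into `revoked` without any other change.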