Feature/get ocsp cache data

[AssemblyJohn]

Describe your changes

• Fixed a certificate hierarchy potential issue when creating the OCSP cache
• Added possibility to retrieve the OCSP cache
• Added base64 utilities

Issue ticket number and link

https://github.com/EVerest/libocpp/pull/596

Checklist before requesting a review

• [x] I have performed a self-review of my code
• [ ] I have made corresponding changes to the documentation
• [x] I read the contribution documentation and made sure that my changes meet its requirements

[AssemblyJohn]

lgtm except for the OCSP update and retrieval.

My idea would be: In update_ocsp_cache we can simply choose a random file name for the OCSP response and store it in some directory that is dedicated for OCSP responses.

For retrieve_ocsp_cache we should not search for the ocsp response by filename, but rather iterate over the files in the OCSP directory, parse the OCSP data and check if the certificate hash data matches.

What do you think?

I would require some hint in extracting the certificate hash data from the OCSP response. How is that possible? Also it will incur a certain performance cost, since it will imply parsing of all the data all the time, however it seems more stable than the current version.

[Pietfried]

lgtm except for the OCSP update and retrieval. My idea would be: In update_ocsp_cache we can simply choose a random file name for the OCSP response and store it in some directory that is dedicated for OCSP responses. For retrieve_ocsp_cache we should not search for the ocsp response by filename, but rather iterate over the files in the OCSP directory, parse the OCSP data and check if the certificate hash data matches. What do you think?

I would require some hint in extracting the certificate hash data from the OCSP response. How is that possible? Also it will incur a certain performance cost, since it will imply parsing of all the data all the time, however it seems more stable than the current version.

I was hoping openssl provides functionality to decode and parse the certificate hash data from the DER encoded ocsp response, but I dont know if that is the case.

It would be interesting to know how the OCSP response is loaded during the TLS handshake, because this is our targeted use case. Maybe @james-ctc already has some insights about this?

[AssemblyJohn]

Implemented header/interface refactor, request feedback before proceeding.

[AssemblyJohn]

There's also a requirement to integrate this with the garbage collection:

• delete ocsp data for expired/garbage collected certificates
• when ocsp data is updated if we already contain that OCSP hash, just over-write the data instead to write it again with a new random filename

[AssemblyJohn]

Comments have been implemented, OCSP relevant test has been implemented.

One more test update is required, for garbage collection related to deleted certificates.

[AssemblyJohn]

Relevant issues and comments have been solved.