Function build_mitm_leaf_ocsp_response 

pub fn build_mitm_leaf_ocsp_response(
    leaf: &X509Ref,
    issuer: &X509Ref,
    issuer_key: &PKeyRef<Private>,
    status: OcspCertStatus,
) -> Result<Vec<u8>, Box<dyn Error + Sync + Send>>

Available on crate feature boring only.

Build a DER-encoded OCSP response for leaf, signed by the MITM CA (issuer + issuer_key), ready for SslRef::set_ocsp_status.

CertID uses SHA-1 (the algorithm clients compute for CertID matching) and the response is signed directly by the issuer CA, so no delegated OCSP-signing certificate is needed.