libressl: OCSP and intermediate certs workaround no longer needed lib/vtls/openssl.c has a workaround for a bug with OCSP responses signed by intermediate certs, this was fixed in LibreSSL in https://github.com/libressl-portable/openbsd/commit/912c64f68f7ac4f225b7d1fdc8fbd43168912ba0 Bug: https://curl.haxx.se/mail/lib-2017-06/0038.html

commit: 9f54ad8f15172d52cc0df9de8b65887c13a54a90 [log] [tgz]
author: Stuart Henderson <stu@spacehopper.org> Tue Jun 13 12:06:03 2017 +0200
committer: Daniel Stenberg <daniel@haxx.se> Tue Jun 13 12:28:22 2017 +0200
tree: 570191a708c66290319a0fef5d5e264b28b7c2c7
parent: 5d7952f52e410e1d4a8ff1965e5cc6fc1bde86aa [diff]
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 9def5ab..dbee369 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c

@@ -1371,7 +1371,8 @@
   st = SSL_CTX_get_cert_store(connssl->ctx);
 
 #if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \
-     defined(LIBRESSL_VERSION_NUMBER))
+     (defined(LIBRESSL_VERSION_NUMBER) &&                               \
+      LIBRESSL_VERSION_NUMBER <= 0x2040200fL))
   /* The authorized responder cert in the OCSP response MUST be signed by the
      peer cert's issuer (see RFC6960 section 4.2.2.2). If that's a root cert,
      no problem, but if it's an intermediate cert OpenSSL has a bug where it
commit	9f54ad8f15172d52cc0df9de8b65887c13a54a90	[log] [tgz]
author	Stuart Henderson <stu@spacehopper.org>	Tue Jun 13 12:06:03 2017 +0200
committer	Daniel Stenberg <daniel@haxx.se>	Tue Jun 13 12:28:22 2017 +0200
tree	570191a708c66290319a0fef5d5e264b28b7c2c7
parent	5d7952f52e410e1d4a8ff1965e5cc6fc1bde86aa [diff]