From b1be49c14f6b7abbfe8f4a22f85d1807bce8eb93 Mon Sep 17 00:00:00 2001
From: Peter Eckersley <pde@eff.org>
Date: Thu, 5 Jan 2017 11:04:01 -0800
Subject: [PATCH] Openssl black magic

 * With _some_ versions of openssl, when checking OCSP for staging certs
   only, we need this -trust_other flag
---
 certbot/ocsp.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/certbot/ocsp.py b/certbot/ocsp.py
index f96d44337..b87ac056d 100644
--- a/certbot/ocsp.py
+++ b/certbot/ocsp.py
@@ -56,6 +56,7 @@ class RevocationChecker(object):
                "-url", url,
                "-CAfile", chain_path,
                "-verify_other", chain_path,
+               "-trust_other",
                "-header"] + self.host_args(host)
         logger.debug("Querying OCSP for %s", cert_path)
         logger.debug(" ".join(cmd))