Add the -VAfile option to 'openssl ocsp'. This option will give the

client code certificates to use to only check response signatures.
I'm not entirely sure if the way I just implemented the verification
is the right way to do it, and would be happy if someone would like to
review this.