Implement OCSP client and responder with HTTP and SCGI transport#200

Open
julek-wolfssl wants to merge 2 commits into wolfSSL:main from julek-wolfssl:ocsp-responder

Conversation

julek-wolfssl (Member) commented Feb 19, 2026

Depends on wolfSSL/wolfssl#9761

Core OCSP implementation:

  • Register the new WOLFCLU_OCSP mode enum value
  • The responder main loop accepts connections and handles the request in a transport-agnostic way.
  • Add the OCSP mode to the help text in src/tools/clu_funcs.c.

New HTTP utilities (src/tools/clu_http.c):

  • Move the static kHttpGetMsg from src/client/client.c and the static kHttpServerMsg from src/server/server.c into shared accessor functions
  • Add HTTP builder and server helpers

New SCGI protocol implementation (src/tools/clu_scgi.c):

Certificate and config additions (certs/):

  • Add ocsp-responder-cert.pem which is an authorized responder for ca-cert.pem

Test suites:

  • tests/ocsp/ocsp-test.sh: top-level test runner with four interop combinations (wolfssl↔openssl, wolfssl↔wolfssl, openssl↔wolfssl, openssl↔openssl) sequentially
  • tests/ocsp/ocsp-interop-test.sh: test script taking in $OCSP_CLIENT and $OCSP_RESPONDER. Written to take in the same commands when run with wolfssl or openssl on either side
  • tests/ocsp-scgi/ocsp-scgi-test.sh: SCGI integration test using nginx for HTTP termination

Removed git hooks as they interfere with dev work

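As an added illustration of the SCGI framing the responder has to accept from nginx (this is not code from the PR or from wolfCLU), here is a strict parser for one SCGI request as laid out in the linked protocol document; the names scgi_parse and kSample are chosen here, and the sample request is constructed after the protocol document's own example.

```c
#include <stdlib.h>
#include <string.h>

/* Parse a complete SCGI request (netstring-framed headers, then body) per
 * https://python.ca/scgi/protocol.txt. Returns 0 and sets *body/*bodyLen on
 * success, -1 for any malformed request. Illustrative, not wolfCLU code. */
int scgi_parse(const char* buf, size_t bufLen, const char** body, size_t* bodyLen)
{
    size_t hdrLen = 0, pos = 0, end;
    long contentLen = -1; int sawScgi = 0, first = 1;
    /* Netstring prefix: ASCII decimal header length, then ':' */
    if (bufLen == 0 || buf[0] < '0' || buf[0] > '9') return -1;
    while (pos < bufLen && buf[pos] >= '0' && buf[pos] <= '9') {
        hdrLen = hdrLen * 10 + (size_t)(buf[pos++] - '0');
        if (hdrLen > 65536) return -1;      /* sanity cap on the header block */
    }
    if (pos >= bufLen || buf[pos++] != ':') return -1;
    /* Header block must fit in the buffer and be followed by the ',' terminator */
    if (bufLen - pos < hdrLen + 1 || buf[pos + hdrLen] != ',') return -1;
    end = pos + hdrLen;
    /* NUL-terminated name/value pairs; CONTENT_LENGTH first, SCGI=1 required */
    while (pos < end) {
        const char *name = buf + pos, *val;
        const char* nul = memchr(name, '\0', end - pos);
        if (nul == NULL || nul == name) return -1;   /* unterminated or empty name */
        pos = (size_t)(nul - buf) + 1;
        val = buf + pos;
        if ((nul = memchr(val, '\0', end - pos)) == NULL) return -1;
        pos = (size_t)(nul - buf) + 1;
        if (first) {
            char* stop;
            if (strcmp(name, "CONTENT_LENGTH") != 0) return -1;
            contentLen = strtol(val, &stop, 10);
            if (stop == val || *stop != '\0' || contentLen < 0) return -1;
            first = 0;
        } else if (strcmp(name, "SCGI") == 0 && strcmp(val, "1") == 0) sawScgi = 1;
    }
    if (contentLen < 0 || !sawScgi) return -1;
    /* Body follows the ',' and must be exactly CONTENT_LENGTH bytes */
    *body = buf + end + 1;
    *bodyLen = bufLen - end - 1;
    return (*bodyLen == (size_t)contentLen) ? 0 : -1;
}

/* Constructed sample request, modelled on the protocol document's example. */
static const char kSample[] =
    "70:" "CONTENT_LENGTH\0" "27\0" "SCGI\0" "1\0" "REQUEST_METHOD\0" "POST\0"
    "REQUEST_URI\0" "/deepthought\0" ",What is the answer to life?";
#define kSampleLen (sizeof(kSample) - 1)
```

A responder front-ended by nginx sees exactly this framing on its SCGI socket, with the DER OCSP request as the body once CONTENT_LENGTH has been honoured.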

Copilot AI left a comment


Pull request overview

This PR implements a comprehensive OCSP (Online Certificate Status Protocol) client and responder for wolfCLU, enabling certificate revocation checking with both HTTP and SCGI transport protocols.

Changes:

  • Added OCSP client and responder implementation with transport-agnostic design
  • Implemented HTTP utilities by refactoring existing code and adding server-side helpers
  • Added SCGI protocol support for nginx reverse proxy integration
  • Included comprehensive test suites for interoperability testing (wolfSSL ↔ OpenSSL)

Reviewed changes

Copilot reviewed 29 out of 30 changed files in this pull request and generated 10 comments.

File | Description
src/ocsp/clu_ocsp.c | Core OCSP client and responder implementation with index file parsing
src/tools/clu_http.c | HTTP utilities including request/response building and server helpers
src/tools/clu_scgi.c | SCGI protocol implementation following spec at python.ca/scgi/protocol.txt
src/tools/clu_pem_der.c | Certificate and key loading utilities with PEM to DER conversion
wolfclu/clu_header_main.h | Function declarations for OCSP, HTTP, and SCGI APIs
wolfclu/clu_optargs.h | Added WOLFCLU_OCSP enum value
wolfclu/client.h | Removed unnecessary WOLFSSL_THREAD define
src/clu_main.c | Integrated OCSP mode into main command dispatcher
src/tools/clu_funcs.c | Added OCSP to help text
src/client/client.c | Refactored to use shared HTTP GET message
src/server/server.c | Refactored to use shared HTTP response message
tests/ocsp/ocsp-test.sh | Top-level test runner for four interop combinations
tests/ocsp/ocsp-interop-test.sh | Detailed interop test script with 11 test cases
tests/ocsp-scgi/ocsp-scgi-test.sh | SCGI integration test with nginx
tests/ocsp-scgi/scgi_params | nginx SCGI parameter configuration
src/include.am | Added new source files to build system
Makefile.am | Added test directories to make check
wolfCLU.vcxproj | Added source files for Windows build
certs/renew.sh | Added OCSP responder certificate generation
certs/ocsp.cnf | OpenSSL configuration for OCSP signing extension
certs/ocsp-responder-*.pem | OCSP responder certificate and key
README.md | Added deployment documentation for SCGI mode with nginx
.gitignore | Added development artifacts
.github/workflows/*.yml | Added nginx and openssl to CI dependencies
autogen.sh | Removed Git hooks setup
tests/x509/x509-req-test.sh | Added cleanup of tmp.csr file

4 participants