Remaining bugs:
# Add low-level OCSP unit tests: {{Bug|916629}} (:briansmith, :st3fan)
# Test that results from the certificate database are interpreted correctly: {{Bug|966820}} (:cviecco)
# Expand EKU (extended key usage) tests: {{Bug|970470}} (:cviecco)
# Add backoff for OCSP requests when the responder fails: {{bug|977865}} (:keeler) [this may take a week or two]
# Enforce consistent handling of isCA bit and certSign/crlSign key usages: {{bug|970196}} (:briansmith)
# Add low-level DER decoder tests: {{bug|968490}} (:st3fan) [code written - needs review]
