Changes

# Add backoff for OCSP requests when the responder fails: https://bugzilla.mozilla.org/show_bug.cgi?id={{bug|977865 }} (:keeler) [this may take a week or two]# Enforce consistent handling of isCA bit and certSign/crlSign key usages: https://bugzilla.mozilla.org/show_bug.cgi?id={{bug|970196 }} (:briansmith)# Add low-level DER decoder tests: https://bugzilla.mozilla.org/show_bug.cgi?id={{bug|968490 }} (:st3fan) [code written - needs review]# Enable all PSM xpcshell tests on Android/B2G: https://bugzilla.mozilla.org/show_bug.cgi?id={{bug|676972 }} (:briansmith) [code mostly written - needs review]# Add SHA-2 support to the OCSP implementation: https://bugzilla.mozilla.org/show_bug.cgi?id={{bug|966856 }} (:keeler) [code written - needs review]# Test decoding OCSP responses with multiple certificates: https://bugzilla.mozilla.org/show_bug.cgi?id={{bug|972753 }} (:keeler) [this may take a week or two]# Adjust OCSP stapling telemetry: https://bugzilla.mozilla.org/show_bug.cgi?id={{bug|969048 }} (:keeler) [code written and reviewed - can land after the OCSP cache lands]# Improve error handling in VerifyEncodedOCSPResponse: https://bugzilla.mozilla.org/show_bug.cgi?id={{bug|977870 }} (:keeler) [code written - needs review]# Document functions exported from the library: https://bugzilla.mozilla.org/show_bug.cgi?id={{bug|968451 }} (:briansmith)

For more details, see the dependency trees for bugs {{bug|915930 ( https://bugzilla.mozilla.org/show_bug.cgi?id=915930 ) }} and {{bug|976961 ( https://bugzilla.mozilla.org/show_bug.cgi?id=976961 )}}, respectively.