Paul van Brouwershaven pointed out that it would be better to pass in
the issuing certificate and have the verification be done in the OCSP
package than to expect the caller to deal with the difference between
responses with and without a responder certificate.
R=golang-dev, dayveday, paul