don't assume the issuer is at a particular position in the chain

Author: jamis

lib/mongo/socket/ssl.rb

@@ -460,7 +460,7 @@ def verify_ocsp_endpoint!(socket, timeout = nil)
         end
 
         cert = socket.peer_cert
-        ca_cert = socket.peer_cert_chain[1]
+        ca_cert = find_issuer(cert, socket.peer_cert_chain)
 
         verifier = OcspVerifier.new(@host_name, cert, ca_cert, context.cert_store,
           **Utils.shallow_symbolize_keys(options).merge(timeout: timeout))
@@ -503,6 +503,12 @@ def extract_certs(text)
           end
         end
       end
+
+      # Find the issuer certificate in the chain.
+      # If the issuer is not found, raise an error.
+      def find_issuer(cert, cert_chain)
+        cert_chain.find { |c| c.subject == cert.issuer }
+      end
     end
   end
 end