Hi,

It seems that after b1b4b15 (3.6.0-alpha1) the resp parameter passed to SSL_set_tlsext_status_ocsp_resp is no longer stored then later freed. This causes a memory leak in existing callers that expect the value to be owned by libssl and thus freed whenever the SSL session is cleaned up. Is this the intended behaviour, it would be nice to update the documentation to describe the expected behaviour, and perhaps make the parameter const.

Thanks!