
ocsp: Remove "explicit" tag from "revokedInfo"

The current implementation is not compliant with the ASN.1 structure
for an OCSP response in RFC 6960. In the RFC, the "revoked" field is
marked "implicit". The "explicit" tag in the current struct causes
the encoder to emit an additional SEQUENCE, which causes some parsers
(notably OpenSSL) to reject OCSP responses as malformed.  This patch
simply removes the "explicit" tag, so that the emitted DER is
compliant with the RFC.

Change-Id: Ifa65a73a8d24f08fe3c2794309df772edc8bb114
Reviewed-on: https://go-review.googlesource.com/13572
Reviewed-by: Adam Langley <agl@golang.org>
Richard Barnes, 10 years ago
Parent
Current commit
173ce04bfa
1 file changed, with 1 insertion and 1 deletion
  1. 1 1
      ocsp/ocsp.go
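
The extra SEQUENCE the commit message describes can be seen directly in the DER. The following is an added example, not code from the commit or from the ocsp package: `revokedInfo` is cut down to one field, and `explicitForm`, `implicitForm`, `samples` and `revokedTagging` are hypothetical names.

```go
package main

import (
	"encoding/asn1"
	"fmt"
	"time"
)

// Cut-down stand-in for revokedInfo; the holders differ only in the tag from the diff.
type revokedInfo struct{ RevocationTime time.Time `asn1:"generalized"` }
type explicitForm struct{ Revoked revokedInfo `asn1:"explicit,tag:1,optional"` }
type implicitForm struct{ Revoked revokedInfo `asn1:"tag:1,optional"` }

// samples marshals both forms with a constructed revocation time.
func samples() (explicitDER, implicitDER []byte) {
	ri := revokedInfo{time.Date(2015, 8, 13, 0, 0, 0, 0, time.UTC)}
	explicitDER, _ = asn1.Marshal(explicitForm{ri})
	implicitDER, _ = asn1.Marshal(implicitForm{ri})
	return
}

// revokedTagging reports whether the [1] element holds the GeneralizedTime
// directly ("implicit") or behind an extra SEQUENCE header ("explicit").
func revokedTagging(der []byte) (string, error) {
	var v [3]asn1.RawValue // outer SEQUENCE, [1] element, first item inside [1]
	for k := range v {
		if _, err := asn1.Unmarshal(der, &v[k]); err != nil {
			return "", err
		}
		der = v[k].Bytes // descend one level
	}
	ctx, first := v[1], v[2]
	switch {
	case ctx.Class != asn1.ClassContextSpecific || ctx.Tag != 1:
		return "", fmt.Errorf("no [1] element")
	case first.Class == asn1.ClassUniversal && first.Tag == asn1.TagSequence:
		return "explicit", nil
	case first.Class == asn1.ClassUniversal && first.Tag == asn1.TagGeneralizedTime:
		return "implicit", nil
	}
	return "", fmt.Errorf("unexpected content in [1]")
}

func main() {
	e, i := samples()
	fmt.Printf("% x\n% x\n", e, i)
	fmt.Println(revokedTagging(e))
	fmt.Println(revokedTagging(i))
}
```

The explicit form is two bytes longer: the `a1` header is followed by a `30` SEQUENCE header before the time, where the implicit form goes straight from `a1` to the `18` GeneralizedTime.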

+ 1 - 1
ocsp/ocsp.go

@@ -87,7 +87,7 @@ type responseData struct {
 type singleResponse struct {
 	CertID     certID
 	Good       asn1.Flag   `asn1:"tag:0,optional"`
-	Revoked    revokedInfo `asn1:"explicit,tag:1,optional"`
+	Revoked    revokedInfo `asn1:"tag:1,optional"`
 	Unknown    asn1.Flag   `asn1:"tag:2,optional"`
 	ThisUpdate time.Time   `asn1:"generalized"`
 	NextUpdate time.Time   `asn1:"generalized,explicit,tag:0,optional"`
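
Review bot: the tag change on the `Revoked` line comes with no test; the commit touches only ocsp/ocsp.go, so nothing here would catch the extra SEQUENCE coming back. Please add a test that marshals a singleResponse with `Revoked` set and checks that the [1] element contains the revokedInfo fields directly, ideally together with a parse of a revoked response produced by another implementation. The commit message speaks only about the encoder: if this struct is also used when parsing, responses written by the previous encoder will stop unmarshalling after this change, which is worth stating. A short comment on the field pointing at the RFC 6960 definition would also explain why `Revoked` carries no `explicit` while `NextUpdate` two lines below still does.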