diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index c7c859fdca..52eb49ba0f 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -119,17 +119,34 @@ ocsp-resp-status-unauthorized.der:
 	@printf "\x30\x03\x0A\x01\x06" > $@
 all_final += ocsp-resp-status-unauthorized.der
 
+# The ocsp-resp-invalid-signature.der, ocsp-resp-future-this-update.der and
+# ocsp-resp-future-produced-at.der targets print the binary data corrensponding
+# to a generated ocsp-resp-no-certs-in-resp.der with a manually modified byte
+# in the signature bitstring, producedAt and thisUpdate respectively to cause
+# failures in the signature verification and time checks
+ocsp-resp-invalid-signature.der:
+	@printf "\x30\x82\x01\xB1\x0A\x01\x00\xA0\x82\x01\xAA\x30\x82\x01\xA6\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x01\x97\x30\x82\x01\x93\x30\x7D\xA2\x16\x04\x14\xB4\x5A\xE4\xA5\xB3\xDE\xD2\x52\xF6\xB9\xD5\xA6\x95\x0F\xEB\x3E\xBC\xC7\xFD\xFF\x18\x0F\x32\x30\x31\x38\x30\x33\x30\x31\x32\x32\x30\x36\x30\x39\x5A\x30\x52\x30\x50\x30\x3B\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\x0A\x15\x68\xA6\xD1\x87\x1F\x63\xAD\x9E\xDD\xB6\xB1\xCF\x6D\x46\xF2\x02\x09\x07\x04\x14\xB4\x5A\xE4\xA5\xB3\xDE\xD2\x52\xF6\xB9\xD5\xA6\x95\x0F\xEB\x3E\xBC\xC7\xFD\xFF\x02\x02\x10\x00\x80\x00\x18\x0F\x32\x30\x31\x38\x30\x33\x30\x31\x32\x32\x30\x36\x30\x39\x5A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x03\xB3\x6E\xB8\xFC\x74\x98\x28\x06\x1D\x4A\x25\x8F\x0E\x92\xD3\xB2\x02\xC8\xFE\x30\xD2\x59\xAA\x6C\xB0\x52\xC5\x71\x50\xC1\x37\x33\x5D\xBD\xDC\x0F\x0F\xF1\x81\x74\x8C\x7B\xA7\x4E\xFE\xC7\xB1\x70\xF2\xE8\x42\xC7\x4D\x05\x35\x66\xAC\xD3\xF8\x18\x78\x2B\x65\xB7\x46\x3F\x71\x9D\xC4\xD3\xC6\x71\xA0\x1B\x5E\xE5\x6E\x78\xAE\xB1\xA6\x5B\x02\x45\x3A\x73\x44\xAA\xCF\xA1\x60\xB7\xD0\x8C\x84\xA0\xA4\x96\x89\x96\x5F\xD8\x1D\xFA\x0E\xBD\xE5\x5F\xD6\x87\x59\x4F\x0B\xE4\x85\x0F\x3F\xDC\x47\xEA\xF0\xC2\x11\xD3\xE4\x00\x2D\x9A\x86\xCC\x47\x47\x86\xC8\xFF\x52\x7D\x0B\xB9\xC1\x74\xD2\xA6\x96\x5F\x16\x7E\x42\xFB\xF6\x8D\xA5\xD7\x6E\x3C\xC3\xD3\x0E\x11\x47\xB9\x70\x71\xB8\x49\x98\xF5\x2F\xE7\x1B\x52\x4E\xB2\x3E\xB9\x46\xAD\x89\x9E\x7C\x7F\xF7\x51\xD9\x5C\x66\x12\x45\x5A\xE9\xD7\x80\x66\xA3\x19\xAE\x3D\x7D\xF2\x01\x60\x03\x4C\x85\x60\x51\x5C\x31\x91\xA4\xAB\x95\x21\xB5\xEB\xA8\x9D\xCF\x29\xD8\x78\x43\xF7\xA5\xD9\x8B\xC0\x88\xF6\xCE\xC5\x12\xC7\x21\x51\x44\x34\x43\xD1\x1E\x2F\xCD\x88\x8D\x47\x86\xED\x7C\x71\x55\x71\x0C\x09\xBC\x47" > $@
+all_final += ocsp-resp-invalid-signature.der
+ocsp-resp-future-produced-at.der:
+	@printf "\x30\x82\x01\xB1\x0A\x01\x00\xA0\x82\x01\xAA\x30\x82\x01\xA6\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x01\x97\x30\x82\x01\x93\x30\x7D\xA2\x16\x04\x14\xB4\x5A\xE4\xA5\xB3\xDE\xD2\x52\xF6\xB9\xD5\xA6\x95\x0F\xEB\x3E\xBC\xC7\xFD\xFF\x18\x0F\x32\x30\x32\x38\x30\x33\x30\x31\x32\x32\x30\x36\x30\x39\x5A\x30\x52\x30\x50\x30\x3B\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\x0A\x15\x68\xA6\xD1\x87\x1F\x63\xAD\x9E\xDD\xB6\xB1\xCF\x6D\x46\xF2\x02\x09\x07\x04\x14\xB4\x5A\xE4\xA5\xB3\xDE\xD2\x52\xF6\xB9\xD5\xA6\x95\x0F\xEB\x3E\xBC\xC7\xFD\xFF\x02\x02\x10\x00\x80\x00\x18\x0F\x32\x30\x31\x38\x30\x33\x30\x31\x32\x32\x30\x36\x30\x39\x5A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x03\xB3\x6E\xB8\xFC\x74\x98\x28\x06\x1D\x4A\x25\x8F\x0E\x92\xD3\xB2\x02\xC8\xFE\x30\xD2\x59\xAA\x6C\xB0\x52\xC5\x71\x50\xC1\x37\x33\x5D\xBD\xDC\x0F\x0F\xF1\x81\x74\x8C\x7B\xA7\x4E\xFE\xC7\xB1\x70\xF2\xE8\x42\xC7\x4D\x05\x35\x66\xAC\xD3\xF8\x18\x78\x2B\x65\xB7\x46\x3F\x71\x9D\xC4\xD3\xC6\x71\xA0\x1B\x5E\xE5\x6E\x78\xAE\xB1\xA6\x5B\x02\x45\x3A\x73\x44\xAA\xCF\xA1\x60\xB7\xD0\x8C\x84\xA0\xA4\x96\x89\x96\x5F\xD8\x1D\xFA\x0E\xBD\xE5\x5F\xD6\x87\x59\x4F\x0B\xE4\x85\x0F\x3F\xDC\x47\xEA\xF0\xC2\x11\xD3\xE4\x00\x2D\x9A\x86\xCC\x47\x47\x86\xC8\xFF\x52\x7D\x0B\xB9\xC1\x74\xD2\xA6\x96\x5F\x16\x7E\x42\xFB\xF6\x8D\xA5\xD7\x6E\x3C\xC3\xD3\x0E\x11\x47\xB9\x70\x71\xB8\x49\x98\xF5\x2F\xE7\x1B\x52\x4E\xB2\x3E\xB9\x46\xAD\x89\x9E\x7C\x7F\xF7\x51\xD9\x5C\x66\x12\x45\x5A\xE9\xD7\x80\x66\xA3\x19\xAE\x3D\x7D\xF2\x01\x60\x03\x4C\x85\x60\x51\x5C\x31\x91\xA4\xAB\x95\x21\xB5\xEB\xA8\x9D\xCF\x29\xD8\x78\x43\xF7\xA5\xD9\x8B\xC0\x88\xF6\xCE\xC5\x12\xC7\x21\x51\x44\x34\x43\xD1\x1E\x2F\xCD\x88\x8D\x47\x86\xED\x7C\x71\x55\x71\x0C\x09\xBC\x46" > $@
+all_final += ocsp-resp-future-produced-at.der
+ocsp-resp-future-this-update.der:
+	@printf "\x30\x82\x01\xB1\x0A\x01\x00\xA0\x82\x01\xAA\x30\x82\x01\xA6\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x01\x97\x30\x82\x01\x93\x30\x7D\xA2\x16\x04\x14\xB4\x5A\xE4\xA5\xB3\xDE\xD2\x52\xF6\xB9\xD5\xA6\x95\x0F\xEB\x3E\xBC\xC7\xFD\xFF\x18\x0F\x32\x30\x31\x38\x30\x33\x30\x31\x32\x32\x30\x36\x30\x39\x5A\x30\x52\x30\x50\x30\x3B\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\x0A\x15\x68\xA6\xD1\x87\x1F\x63\xAD\x9E\xDD\xB6\xB1\xCF\x6D\x46\xF2\x02\x09\x07\x04\x14\xB4\x5A\xE4\xA5\xB3\xDE\xD2\x52\xF6\xB9\xD5\xA6\x95\x0F\xEB\x3E\xBC\xC7\xFD\xFF\x02\x02\x10\x00\x80\x00\x18\x0F\x32\x30\x32\x38\x30\x33\x30\x31\x32\x32\x30\x36\x30\x39\x5A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x03\xB3\x6E\xB8\xFC\x74\x98\x28\x06\x1D\x4A\x25\x8F\x0E\x92\xD3\xB2\x02\xC8\xFE\x30\xD2\x59\xAA\x6C\xB0\x52\xC5\x71\x50\xC1\x37\x33\x5D\xBD\xDC\x0F\x0F\xF1\x81\x74\x8C\x7B\xA7\x4E\xFE\xC7\xB1\x70\xF2\xE8\x42\xC7\x4D\x05\x35\x66\xAC\xD3\xF8\x18\x78\x2B\x65\xB7\x46\x3F\x71\x9D\xC4\xD3\xC6\x71\xA0\x1B\x5E\xE5\x6E\x78\xAE\xB1\xA6\x5B\x02\x45\x3A\x73\x44\xAA\xCF\xA1\x60\xB7\xD0\x8C\x84\xA0\xA4\x96\x89\x96\x5F\xD8\x1D\xFA\x0E\xBD\xE5\x5F\xD6\x87\x59\x4F\x0B\xE4\x85\x0F\x3F\xDC\x47\xEA\xF0\xC2\x11\xD3\xE4\x00\x2D\x9A\x86\xCC\x47\x47\x86\xC8\xFF\x52\x7D\x0B\xB9\xC1\x74\xD2\xA6\x96\x5F\x16\x7E\x42\xFB\xF6\x8D\xA5\xD7\x6E\x3C\xC3\xD3\x0E\x11\x47\xB9\x70\x71\xB8\x49\x98\xF5\x2F\xE7\x1B\x52\x4E\xB2\x3E\xB9\x46\xAD\x89\x9E\x7C\x7F\xF7\x51\xD9\x5C\x66\x12\x45\x5A\xE9\xD7\x80\x66\xA3\x19\xAE\x3D\x7D\xF2\x01\x60\x03\x4C\x85\x60\x51\x5C\x31\x91\xA4\xAB\x95\x21\xB5\xEB\xA8\x9D\xCF\x29\xD8\x78\x43\xF7\xA5\xD9\x8B\xC0\x88\xF6\xCE\xC5\x12\xC7\x21\x51\x44\x34\x43\xD1\x1E\x2F\xCD\x88\x8D\x47\x86\xED\x7C\x71\x55\x71\x0C\x09\xBC\x46" > $@
+all_final += ocsp-resp-future-this-update.der
 ocsp-req-for-server2-in-database.der: server2-in-database.crt test-ca-sha256.crt
 	$(OPENSSL) ocsp -issuer test-ca-sha256.crt -cert server2-in-database.crt -no_nonce -reqout $@
 all_intermediate += ocsp-req-future-produced-at.der
-ocsp-resp-future-produced-at.der: ocsp-req-for-server2-in-database.der test-ca-index.txt test-ca-sha256.crt
+ocsp-resp-future-produced-at-this-update.der: ocsp-req-for-server2-in-database.der test-ca-index.txt test-ca-sha256.crt
 	$(FAKETIME) -f "+9y" $(OPENSSL) ocsp -rsigner test-ca-sha256.crt -index test-ca-index.txt -rkey $(test_ca_key_file_rsa) -CA test-ca-sha256.crt -noverify -reqin $< -respout $@
-all_final += ocsp-resp-future-produced-at.der
+all_final += ocsp-resp-future-produced-at-this-update.der
 ocsp-resp-issuer-is-signer.der: ocsp-req-for-server2-in-database.der test-ca-index.txt test-ca-sha256.crt
 	$(OPENSSL) ocsp -rsigner test-ca-sha256.crt -index test-ca-index.txt -rkey $(test_ca_key_file_rsa) -CA test-ca-sha256.crt -noverify -reqin $< -respout $@
 all_final += ocsp-resp-issuer-is-signed.der
 ocsp-resp-no-certs-in-resp.der: ocsp-req-for-server2-in-database.der test-ca-index.txt test-ca-sha256.crt
 	$(OPENSSL) ocsp -rsigner test-ca-sha256.crt -index test-ca-index.txt -rkey $(test_ca_key_file_rsa) -CA test-ca-sha256.crt -resp_key_id -resp_no_certs -noverify -reqin $< -respout $@
+ocsp-resp-expired-next-update.der: ocsp-req-for-server2-in-database.der test-ca-index.txt test-ca-sha256.crt
+	$(OPENSSL) ocsp -rsigner test-ca-sha256.crt -index test-ca-index.txt -rkey $(test_ca_key_file_rsa) -CA test-ca-sha256.crt -noverify -nmin 0 -reqin $< -respout $@
+all_final += ocsp-resp-expired-next-update.der
 
 ################################################################
 #### Meta targets
diff --git a/tests/data_files/ocsp-resp-expired-next-update.der b/tests/data_files/ocsp-resp-expired-next-update.der
new file mode 100644
index 0000000000..49994af118
Binary files /dev/null and b/tests/data_files/ocsp-resp-expired-next-update.der differ
diff --git a/tests/data_files/ocsp-resp-future-produced-at-this-update.der b/tests/data_files/ocsp-resp-future-produced-at-this-update.der
new file mode 100644
index 0000000000..7913291462
Binary files /dev/null and b/tests/data_files/ocsp-resp-future-produced-at-this-update.der differ
diff --git a/tests/data_files/ocsp-resp-future-produced-at.der b/tests/data_files/ocsp-resp-future-produced-at.der
index 7913291462..d6d12168d1 100644
Binary files a/tests/data_files/ocsp-resp-future-produced-at.der and b/tests/data_files/ocsp-resp-future-produced-at.der differ
diff --git a/tests/data_files/ocsp-resp-future-this-update.der b/tests/data_files/ocsp-resp-future-this-update.der
new file mode 100644
index 0000000000..966ac67762
Binary files /dev/null and b/tests/data_files/ocsp-resp-future-this-update.der differ
diff --git a/tests/suites/test_suite_x509parse_ocsp.data b/tests/suites/test_suite_x509parse_ocsp.data
index e074fbdff2..cb5322b73f 100644
--- a/tests/suites/test_suite_x509parse_ocsp.data
+++ b/tests/suites/test_suite_x509parse_ocsp.data
@@ -244,8 +244,11 @@ x509_ocsp_response_verify:"data_files/ocsp-resp-status-sig-required.der":"data_f
 X509 OCSP Response verification (unauthorized response status)
 x509_ocsp_response_verify:"data_files/ocsp-resp-status-unauthorized.der":"data_files/server2.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_BAD_RESPONSE_STATUS
 
-X509 OCSP Response verification (producedAt is in the future)
-x509_ocsp_response_verify:"data_files/ocsp-resp-future-produced-at.der":"data_files/server2-in-database.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_FUTURE
+X509 OCSP Response verification (future producedAt and thisUpdate)
+x509_ocsp_response_verify:"data_files/ocsp-resp-future-produced-at-this-update.der":"data_files/server2-in-database.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_FUTURE
+
+X509 OCSP Response verification (future producedAt only)
+x509_ocsp_response_verify:"data_files/ocsp-resp-future-produced-at.der":"data_files/server2-in-database.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_FUTURE | MBEDTLS_X509_BADOCSP_RESPONSE_NOT_TRUSTED
 
 X509 OCSP Response verification (response not supplied)
 x509_ocsp_response_verify:"":"data_files/server2-in-database.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_BAD_INPUT_DATA:0
@@ -267,3 +270,9 @@ x509_ocsp_response_verify:"data_files/ocsp-resp-invalid-signature.der":"data_fil
 
 X509 OCSP Response verification (no SingleResponse for certificate)
 x509_ocsp_response_verify:"data_files/ocsp-resp-issuer-is-signer.der":"data_files/server2.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_INCOMPLETE
+
+X509 OCSP Response verification (SingleResponse future thisUpdate)
+x509_ocsp_response_verify:"data_files/ocsp-resp-future-this-update.der":"data_files/server2-in-database.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_FUTURE | MBEDTLS_X509_BADOCSP_RESPONSE_NOT_TRUSTED
+
+X509 OCSP Response verification (SingleResponse expired nextUpdate)
+x509_ocsp_response_verify:"data_files/ocsp-resp-expired-next-update.der":"data_files/server2-in-database.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_EXPIRED