RFC 7540 does not enforce any limit on the number of incoming reserved
streams (in RFC 7540 terms, streams in reserved (remote) state).  This
only affects client side, since only server can push streams.
Malicious server can push arbitrary number of streams, and make
client's memory exhausted.  The new option,
nghttp2_set_max_reserved_remote_streams, can set the maximum number of
such incoming streams to avoid possible memory exhaustion.  If this
option is set, and pushed streams are automatically closed on
reception, without calling user provided callback, if they exceed the
given limit.  The default value is 200.  If session is configured as
server side, this option has no effect.  Server can control the number
of streams to push.

With OpenSSL <= 1.0.1, openssl ocsp command still returns exit code 0,
even if verification was failed.  If that happens certain string is
emitted in stderr, so check that string and if exists, treat it as
error.  This issue was fixed in OpenSSL 1.0.2.

At least OpenSSL 1.0.2, openssl ocsp command still returns exit code
0, even if responder returned non-successful status code (e.g.,
trylater(3)).  We are not sure this is intentional or not.  To handle
this, we again check certain error string in stdout, and if it is
found, treat it as error.