
I have been referencing https://github.com/openssl/openssl/blob/master/apps/ocsp.c to create my own OCSP implementation and to verify the OCSP Basic response once I receive it from the OCSP responder. But somehow, on each iteration I run, I keep getting the error `error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error:ocsp_vfy.c:138:Verify error:unable to get issuer certificate`. Please note that I have X509 data of both the certificate to be validated and the issuer certificate, and I am using the below code to verify the response:

    #include <stdio.h>
    #include <openssl/ocsp.h>

    /* resp: the OCSP_RESPONSE received from the responder.
     * issuer: X509 of the CA that issued the certificate being checked. */
    int verify_basic_response(OCSP_RESPONSE *resp, X509 *issuer)
    {
        OCSP_BASICRESP *br = OCSP_response_get1_basic(resp);
        STACK_OF(X509) *certs = sk_X509_new_null();
        if (!sk_X509_push(certs, issuer)) /* issuer X509 known */
            printf("Failed to add issuer");

        X509_STORE *store = X509_STORE_new();
        X509_LOOKUP *lookup;
        /* These lookups are never loaded with a file or directory, so they add nothing. */
        lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
        lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
        (void)lookup;
        X509_STORE_add_cert(store, issuer); /* the only trusted certificate in the store */
        int ret_val = OCSP_basic_verify(br, certs, store, 0);
        if (ret_val <= 0) {
            printf("Response Verify Failure: %d", ret_val);
        }
        return ret_val;
    }

For the above code, I keep getting ret_val as 0, and the error mentioned above is being logged. However, I am getting a correct response from the OCSP responder and the certificate status is good. The only thing remaining is fixing the call to OCSP_basic_verify. Can someone please point out where I might be going wrong? Thanks.

learn_develop
  • Is your `issuer` a root CA, or an intermediate CA? If the latter, you might try providing the entire chain up to a self-signed/root CA... – Castaglia Jun 20 '17 at 05:57
  • 1
    @Castaglia : Problem was infact that the `OCSP_basic_verify` keeps looping till it finds the root CA. But since the certificate I added was just the intermediate certificate, the verification was failing. Once I added the entire chain, `OCSP_basic_verify` call started going through. – learn_develop Jun 20 '17 at 10:23

1 Answer


Answer as provided by @Castaglia.

The problem was in fact that OCSP_basic_verify keeps looping till it finds the root CA. But since the certificate I added was just the intermediate certificate, the verification was failing. Once I added the entire chain, the OCSP_basic_verify call started going through.

learn_develop
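The chain requirement described in the question and the answer, reproduced end to end with the openssl command-line tool. This is an added example, not code from the question or from OpenSSL's apps/ocsp.c. It builds a throwaway root, intermediate, leaf and delegated OCSP signer, answers a request offline with `openssl ocsp` in responder mode, and then verifies the response twice: once with only the intermediate as the trust anchor (the situation in the question) and once with intermediate plus root. Every name, serial, file path and the index.txt entry is constructed for the demo; it assumes an openssl CLI (1.1.1 or 3.x) on PATH.

```shell
#!/bin/sh
# Added example, not code from the question or from OpenSSL. Assumes the
# openssl CLI (1.1.1 or 3.x) is on PATH; every name, serial and path below
# is constructed for this demo.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# new_csr <name> <CN>: fresh RSA key and CSR under $WORK
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/$1.key" \
        -out "$WORK/$1.csr" -subj "/CN=$2" >/dev/null 2>&1
}

# sign_cert <name> <ca-name> <serial> <ext-file>: issue $WORK/<name>.pem from its CSR
sign_cert() {
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" \
        -set_serial "$3" -extfile "$WORK/$4" -days 2 -out "$WORK/$1.pem" >/dev/null 2>&1
}

# Build root -> intermediate -> {leaf, delegated OCSP signer}, then a signed response
build_demo_pki() {
    # Self-signed root: the only kind of certificate a default X509_STORE accepts as chain end
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/root.key" \
        -out "$WORK/root.pem" -subj "/CN=Demo Root CA" -days 2 >/dev/null 2>&1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\nextendedKeyUsage=OCSPSigning\n' > "$WORK/ocsp.ext"
    printf 'basicConstraints=CA:FALSE\n' > "$WORK/leaf.ext"
    new_csr inter "Demo Intermediate CA"; sign_cert inter root 10 ca.ext
    new_csr ocsp  "Demo OCSP Signer";     sign_cert ocsp  inter 20 ocsp.ext
    new_csr leaf  "Demo Leaf";            sign_cert leaf  inter 4096 leaf.ext
    # Responder database (openssl ca index format): leaf serial 4096 = 0x1000, status V = valid
    printf 'V\t300101000000Z\t\t1000\tunknown\t/CN=Demo Leaf\n' > "$WORK/index.txt"
    # Build a request for the leaf and answer it offline, signed by the delegated OCSP signer
    openssl ocsp -issuer "$WORK/inter.pem" -cert "$WORK/leaf.pem" -no_nonce \
        -reqout "$WORK/req.der" >/dev/null 2>&1
    openssl ocsp -index "$WORK/index.txt" -CA "$WORK/inter.pem" -rsigner "$WORK/ocsp.pem" \
        -rkey "$WORK/ocsp.key" -reqin "$WORK/req.der" -respout "$WORK/resp.der" >/dev/null 2>&1
    # The fix from the answer: intermediate and root together form the trust store
    cat "$WORK/inter.pem" "$WORK/root.pem" > "$WORK/chain.pem"
}

# verify_response <trust-pem>: client-side check (OCSP_basic_verify under the hood) with
# <trust-pem> loaded as the X509_STORE; prints ok or fail based on the exit status
verify_response() {
    if openssl ocsp -respin "$WORK/resp.der" -issuer "$WORK/inter.pem" -cert "$WORK/leaf.pem" \
            -no_nonce -CAfile "$1" >/dev/null 2>&1; then
        echo ok
    else
        echo fail
    fi
}

build_demo_pki
echo "trust store = intermediate only:   $(verify_response "$WORK/inter.pem")"
echo "trust store = intermediate + root: $(verify_response "$WORK/chain.pem")"
```

In OCSP_basic_verify terms, `-CAfile` is the X509_STORE and `-verify_other` is the `certs` stack. The store is used to build and verify the chain of the responder's signing certificate (here the delegated signer, taken from the response itself), not the certificate whose status is being queried, and with default verification flags that chain must end in a self-signed certificate. So either put intermediate and root both into the store, as the answer did, or put only the root into the store and pass the intermediate through `certs` as untrusted chain material. Trusting the intermediate alone, without its root, only works if the store is configured with X509_V_FLAG_PARTIAL_CHAIN.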