Just trying to gain an understanding.
If you just set the OCSP/CRL flags to true, but don't hard code the responder URL etc. That data is pulled from the certificate.
In the case of mutual authentication, from where is this data retrieved? The client cert or the server?