diff --git a/security/insanity/lib/pkixder.h b/security/insanity/lib/pkixder.h
index 6b0e98257dac..99004b1a176e 100644
--- a/security/insanity/lib/pkixder.h
+++ b/security/insanity/lib/pkixder.h
@@ -163,6 +163,11 @@ public:
     return Success;
   }
 
+  void SkipToEnd()
+  {
+    input = end;
+  }
+
   bool AtEnd() const { return input == end; }
 
   class Mark
diff --git a/security/insanity/lib/pkixocsp.cpp b/security/insanity/lib/pkixocsp.cpp
index c9e3056178ee..ee23e3541811 100644
--- a/security/insanity/lib/pkixocsp.cpp
+++ b/security/insanity/lib/pkixocsp.cpp
@@ -603,6 +603,11 @@ SingleResponse(der::Input& input, Context& context)
   }
 
   if (!match) {
+    // This response does not reference the certificate we're interested in.
+    // By consuming the rest of our input and returning successfully, we can
+    // continue processing and examine another response that might have what
+    // we want.
+    input.SkipToEnd();
     return der::Success;
   }
 
@@ -745,6 +750,10 @@ CertID(der::Input& input, const Context& context, /*out*/ bool& match)
   const CERTCertificate& issuerCert = context.issuerCert;
 
   if (!SECITEM_ItemsAreEqual(&serialNumber, &cert.serialNumber)) {
+    // This does not reference the certificate we're interested in.
+    // Consume the rest of the input and return successfully to
+    // potentially continue processing other responses.
+    input.SkipToEnd();
     return der::Success;
   }
 
@@ -752,6 +761,8 @@ CertID(der::Input& input, const Context& context, /*out*/ bool& match)
 
   SECOidTag hashAlg = SECOID_GetAlgorithmTag(&hashAlgorithm);
   if (hashAlg != SEC_OID_SHA1) {
+    // Again, not interested in this response. Consume input, return success.
+    input.SkipToEnd();
     return der::Success;
   }
 
@@ -768,6 +779,8 @@ CertID(der::Input& input, const Context& context, /*out*/ bool& match)
     return der::Failure;
   }
   if (memcmp(hashBuf, issuerNameHash.data, issuerNameHash.len)) {
+    // Again, not interested in this response. Consume input, return success.
+    input.SkipToEnd();
     return der::Success;
   }
 
diff --git a/security/manager/ssl/tests/unit/test_ocsp_stapling.js b/security/manager/ssl/tests/unit/test_ocsp_stapling.js
index ae7d16d3e5d6..e4e45a8e9936 100644
--- a/security/manager/ssl/tests/unit/test_ocsp_stapling.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_stapling.js
@@ -95,11 +95,8 @@ function add_tests_in_mode(useInsanity, certDB, otherTestCA) {
                 true);
   add_ocsp_test("ocsp-stapling-unknown.example.com",
                 getXPCOMStatusFromNSS(SEC_ERROR_OCSP_UNKNOWN_CERT), true);
-  // TODO(bug 977870): this should not result in SEC_ERROR_BAD_DER
   add_ocsp_test("ocsp-stapling-good-other.example.com",
-                getXPCOMStatusFromNSS(
-                  useInsanity ? SEC_ERROR_BAD_DER
-                              : SEC_ERROR_OCSP_UNKNOWN_CERT), true);
+                getXPCOMStatusFromNSS(SEC_ERROR_OCSP_UNKNOWN_CERT), true);
   // If the server doesn't staple an OCSP response, we continue as normal
   // (this means that even though stapling is enabled, we expect an OCSP
   // request).