diff -up ./tests/ssl/ssl.sh.disable_ocsp_policy ./tests/ssl/ssl.sh --- ./tests/ssl/ssl.sh.disable_ocsp_policy 2024-07-05 14:18:03.985453657 -0700 +++ ./tests/ssl/ssl.sh 2024-07-05 14:21:59.308250122 -0700 @@ -968,6 +968,18 @@ ssl_policy_pkix_ocsp() #verbose="-v" html_head "Check that OCSP doesn't break if we disable sha1 $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE" + # if we are running on a build machine that can't tolerate external + # references don't run. + vfyserv -o wrong.host.badssl.com -d ${P_R_SERVERDIR} > ${P_R_SERVERDIR}/vfy2.out 2>&1 + RET=$? ; cat ${P_R_SERVERDIR}/vfy2.out" + # 5961 reset by peer + grep 5961 ${P_R_SERVERDIR}/vfy2.out + GRET=$? ; echo "OCSP: RET=$RET GRET=$GRET" + if [ $RET -ne 0 -o $GRET -eq 0 ]; then + echo "$SCRIPTNAME: skipping Check that OCSP doesn't break if we disable sha1 $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE - can't reach external servers" + return 0 + fi + PKIX_SAVE=${NSS_DISABLE_LIBPKIX_VERIFY-"unset"} unset NSS_DISABLE_LIBPKIX_VERIFY