You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23 lines
1.0 KiB
23 lines
1.0 KiB
diff -up ./tests/ssl/ssl.sh.disable_ocsp_policy ./tests/ssl/ssl.sh
|
|
--- ./tests/ssl/ssl.sh.disable_ocsp_policy 2024-07-05 14:18:03.985453657 -0700
|
|
+++ ./tests/ssl/ssl.sh 2024-07-05 14:21:59.308250122 -0700
|
|
@@ -968,6 +968,18 @@ ssl_policy_pkix_ocsp()
|
|
#verbose="-v"
|
|
html_head "Check that OCSP doesn't break if we disable sha1 $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE"
|
|
|
|
+ # if we are running on a build machine that can't tolerate external
|
|
+ # references don't run.
|
|
+ vfyserv -o wrong.host.badssl.com -d ${P_R_SERVERDIR} > ${P_R_SERVERDIR}/vfy2.out 2>&1
|
|
+ RET=$? ; cat "${P_R_SERVERDIR}/vfy2.out"
|
|
+ # 5961 reset by peer
|
|
+ grep 5961 ${P_R_SERVERDIR}/vfy2.out
|
|
+ GRET=$? ; echo "OCSP: RET=$RET GRET=$GRET"
|
|
+ if [ $RET -ne 0 -o $GRET -eq 0 ]; then
|
|
+ echo "$SCRIPTNAME: skipping Check that OCSP doesn't break if we disable sha1 $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE - can't reach external servers"
|
|
+ return 0
|
|
+ fi
|
|
+
|
|
PKIX_SAVE=${NSS_DISABLE_LIBPKIX_VERIFY-"unset"}
|
|
unset NSS_DISABLE_LIBPKIX_VERIFY
|
|
|