nixos/h2o: disable OCSP stapling in tests

toastal · toastal · commit 54710e9cc13e · 2025-03-27T22:37:05.000+07:00
The ACME certs are faked for testing &amp; no need to contact a certificate
authority.
diff --git a/nixos/tests/web-servers/h2o/basic.nix b/nixos/tests/web-servers/h2o/basic.nix
@@ -68,6 +68,8 @@ in
                 ];
                 extraSettings = {
                   minimum-version = "TLSv1.3";
+                  # when using common ACME certs, disable talking to CA
+                  ocsp-update-interval = 0;
                 };
               };
               settings = {
diff --git a/nixos/tests/web-servers/h2o/tls-recommendations.nix b/nixos/tests/web-servers/h2o/tls-recommendations.nix
@@ -39,6 +39,10 @@ let
                   certificate-file = ../../common/acme/server/acme.test.cert.pem;
                 }
               ];
+              extraSettings = {
+                # when using common ACME certs, disable talking to CA
+                ocsp-update-interval = 0;
+              };
             };
             settings = {
               paths."/"."file.file" = "${hello_txt recommendations}";
