Comment 14 for bug 1930430

Accepted, but I wonder if it's worth testing that the regular non-proxy case OCSP check is still working correctly (for the various good/revoked/unknown/unreachable responses), as it'd be fairly disastrous from a security perspective if that regressed due to this update. Could this be done before landing this into focal-updates please?