diff --git a/examples/client/client.c b/examples/client/client.c
index cc49afe85..afdbc2d86 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -173,6 +173,9 @@ static void Usage(void)
 #ifdef HAVE_ANON
 printf("-a Anonymous client\n");
 #endif
+#ifdef HAVE_CRL
+ printf("-C Disable CRL\n");
+#endif
 }
 THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
@@ -208,7 +211,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 int doPeerCheck = 1;
 int nonBlocking = 0;
 int resumeSession = 0;
- int wc_shutdown = 0;
+ int wc_shutdown = 0;
+ int disableCRL = 0;
 int ret;
 int scr = 0; /* allow secure renegotiation */
 int forceScr = 0; /* force client initiaed scr */
@@ -262,11 +266,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 (void)verifyCert;
 (void)useClientCert;
 (void)overrideDateErrors;
+ (void)disableCRL;
 StackTrap();
 while ((ch = mygetopt(argc, argv,
- "?gdDusmNrwRitfxUPh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) {
+ "?gdDusmNrwRitfxUPCh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) {
 switch (ch) {
 case '?' :
 Usage();
@@ -284,6 +289,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 overrideDateErrors = 1;
 break;
+ case 'C' :
+ disableCRL = 1;
+ break;
+
 case 'u' :
 doDTLS = 1;
 break;
@@ -723,12 +732,14 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 wolfSSL_set_fd(ssl, sockfd);
 #ifdef HAVE_CRL
- if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS)
- err_sys("can't enable crl check");
- if (wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
- err_sys("can't load crl, check crlfile and date validity");
- if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
- err_sys("can't set crl callback");
+ if (disableCRL == 0) {
+ if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS)
+ err_sys("can't enable crl check");
+ if (wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
+ err_sys("can't load crl, check crlfile and date validity");
+ if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
+ err_sys("can't set crl callback");
+ }
 #endif
 #ifdef HAVE_SECURE_RENEGOTIATION
 if (scr) {
diff --git a/scripts/external.test b/scripts/external.test
new file mode 100755
index 000000000..9b2668d80
--- /dev/null
+++ b/scripts/external.test
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# external.test
+
+server=www.wolfssl.com
+ca=./certs/wolfssl-website-ca.pem
+
+[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
+
+# is our desired server there?
+ping -c 2 -i 0.2 $server
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find $server, skipping" && exit 0
+
+# client test against the server
+./examples/client/client -C -h $server -p 443 -g -A $ca
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
+
+exit 0
diff --git a/scripts/include.am b/scripts/include.am
index 2a98f97e0..091f3d7a4 100644
--- a/scripts/include.am
+++ b/scripts/include.am
@@ -10,6 +10,7 @@ endif
 if BUILD_EXAMPLES
 dist_noinst_SCRIPTS+= scripts/resume.test
+dist_noinst_SCRIPTS+= scripts/external.test
 endif
 EXTRA_DIST += scripts/testsuite.pcap
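Review bot: When `-C` is given, the block under `if (disableCRL == 0)` in the `HAVE_CRL` section is skipped silently, so a run's output gives no sign that revocation checking was off for that connection. An `else` branch after the closing brace, for example `else printf("CRL checking disabled\n");`, would make this visible in test logs. The three inner `if` statements keep their unbraced bodies with the `err_sys` call on a continuation line; bracing them while they are being re-indented would guard against a later edit detaching an error path. client_test starts and ends outside this hunk.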
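Review bot: The client invocation in scripts/external.test passes `-C`, so this test connects to `$server` with CRL checking switched off, and nothing in the script says why. A comment above that line, such as `# -C: the example client loads CRLs only from its local CRL directory, so CRL checking is disabled for this external host; the peer is still verified against $ca`, would keep the flag from being read as a recommended default (the reason is inferred from the client.c hunk and should be confirmed). Separately, the reachability probe depends on ICMP: where ping is filtered or name resolution fails, the script prints a message and exits 0, so a run that never validated a certificate has the same exit status as a pass. `$server` and `$ca` are also expanded unquoted; `"$server"` and `"$ca"` would be safer if either value ever changes.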