In practice, nothing breaks if it can't reach OCSP in a lot of cases. But as with most PKI systems, it causes problems sometimes, so we have to do stupid things like add firewall rules to allow secure systems to reach OCSP endpoints to avoid random PKI-dependent stuff coming crashing down.