Merge remote-tracking branch 'origin/5.9' into 5.10

 Conflicts:
	src/corelib/global/qconfig-bootstrapped.h
	src/corelib/global/qglobal.h
	src/corelib/tools/qcryptographichash.cpp
	src/corelib/tools/qcryptographichash.h
	src/corelib/tools/qmessageauthenticationcode.cpp
	src/plugins/platforms/windows/qwindowswindow.h
	tests/auto/gui/kernel/qwindow/BLACKLIST
	tests/auto/widgets/itemviews/qitemdelegate/BLACKLIST

Change-Id: Ib68112de985a3d714c2071f47c10e907e4f0229a

3 files changed, 73 insertions, 23 deletions

diff --git a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
index e995b69f60..542246ff2d 100644
--- a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
+++ b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
@@ -487,6 +487,7 @@ private Q_SLOTS:
     void ioHttpRedirectPolicyErrors();
     void ioHttpUserVerifiedRedirect_data();
     void ioHttpUserVerifiedRedirect();
+    void ioHttpCookiesDuringRedirect();
 #ifndef QT_NO_SSL
     void putWithServerClosingConnectionImmediately();
 #endif
@@ -8410,6 +8411,33 @@ void tst_QNetworkReply::ioHttpUserVerifiedRedirect()
     QCOMPARE(reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt(), statusCode);
 }
 
+void tst_QNetworkReply::ioHttpCookiesDuringRedirect()
+{
+    MiniHttpServer target(httpEmpty200Response, false);
+
+    const QString cookieHeader = QStringLiteral("Set-Cookie: hello=world; Path=/;\r\n");
+    QString redirect = tempRedirectReplyStr();
+    // Insert 'cookieHeader' before the final \r\n
+    redirect.insert(redirect.length() - 2, cookieHeader);
+
+    QUrl url("http://localhost/");
+    url.setPort(target.serverPort());
+    redirect = redirect.arg(url.toString());
+    MiniHttpServer redirectServer(redirect.toLatin1(), false);
+
+    url = QUrl("http://localhost/");
+    url.setPort(redirectServer.serverPort());
+    QNetworkRequest request(url);
+    auto oldRedirectPolicy = manager.redirectPolicy();
+    manager.setRedirectPolicy(QNetworkRequest::RedirectPolicy::NoLessSafeRedirectPolicy);
+    QNetworkReplyPtr reply(manager.get(request));
+    // Set policy back to whatever it was
+    manager.setRedirectPolicy(oldRedirectPolicy);
+
+    QVERIFY(waitForFinish(reply) == Success);
+    QVERIFY(target.receivedData.contains("\r\nCookie: hello=world\r\n"));
+}
+
 #ifndef QT_NO_SSL
 
 class PutWithServerClosingConnectionImmediatelyHandler: public QObject
diff --git a/tests/auto/network/kernel/qnetworkproxyfactory/tst_qnetworkproxyfactory.cpp b/tests/auto/network/kernel/qnetworkproxyfactory/tst_qnetworkproxyfactory.cpp
index f3a1ac84ff..90da0b64e2 100644
--- a/tests/auto/network/kernel/qnetworkproxyfactory/tst_qnetworkproxyfactory.cpp
+++ b/tests/auto/network/kernel/qnetworkproxyfactory/tst_qnetworkproxyfactory.cpp
@@ -256,8 +256,8 @@ void tst_QNetworkProxyFactory::genericSystemProxy()
     QFETCH(QString, hostName);
     QFETCH(int, port);
 
-// The generic system proxy is only available on the following platforms
-#if (!defined Q_OS_WIN) && (!defined Q_OS_OSX) && !QT_CONFIG(libproxy)
+// We can only use the generic system proxy where available:
+#if !defined(Q_OS_WIN) && !defined(Q_OS_MACOS) && !QT_CONFIG(libproxy)
     qputenv(envVar, url);
     const QList<QNetworkProxy> systemProxy = QNetworkProxyFactory::systemProxyForQuery();
     QCOMPARE(systemProxy.size(), 1);
diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp
index b5bfde3cab..25c2701f69 100644
--- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp
+++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp
@@ -168,29 +168,59 @@ void tst_QSslSocket_onDemandCertificates_member::proxyAuthenticationRequired(con
 
 #ifndef QT_NO_OPENSSL
 
+static bool waitForEncrypted(QSslSocket *socket)
+{
+    Q_ASSERT(socket);
+
+    QEventLoop eventLoop;
+
+    QTimer connectionTimeoutWatcher;
+    connectionTimeoutWatcher.setSingleShot(true);
+    connectionTimeoutWatcher.connect(&connectionTimeoutWatcher, &QTimer::timeout,
+                                     [&eventLoop]() {
+                                        eventLoop.exit();
+                                     });
+
+    bool encrypted = false;
+    socket->connect(socket, &QSslSocket::encrypted, [&eventLoop, &encrypted](){
+                        eventLoop.exit();
+                        encrypted = true;
+                    });
+
+    socket->connect(socket, QOverload<const QList<QSslError>&>::of(&QSslSocket::sslErrors),
+                    [&eventLoop](){
+                        eventLoop.exit();
+                    });
+
+    // Wait for 30 s. maximum - the default timeout in our QSslSocket::waitForEncrypted ...
+    connectionTimeoutWatcher.start(30000);
+    eventLoop.exec();
+    return encrypted;
+}
+
 void tst_QSslSocket_onDemandCertificates_member::onDemandRootCertLoadingMemberMethods()
 {
-    QString host("www.qt.io");
+    const QString host("www.qt.io");
 
     // not using any root certs -> should not work
     QSslSocketPtr socket2 = newSocket();
     this->socket = socket2.data();
     socket2->setCaCertificates(QList<QSslCertificate>());
     socket2->connectToHostEncrypted(host, 443);
-    QVERIFY(!socket2->waitForEncrypted());
+    QVERIFY(!waitForEncrypted(socket2.data()));
 
     // default: using on demand loading -> should work
     QSslSocketPtr socket = newSocket();
     this->socket = socket.data();
     socket->connectToHostEncrypted(host, 443);
-    QVERIFY2(socket->waitForEncrypted(), qPrintable(socket->errorString()));
+    QVERIFY2(waitForEncrypted(socket.data()), qPrintable(socket->errorString()));
 
     // not using any root certs again -> should not work
     QSslSocketPtr socket3 = newSocket();
     this->socket = socket3.data();
     socket3->setCaCertificates(QList<QSslCertificate>());
     socket3->connectToHostEncrypted(host, 443);
-    QVERIFY(!socket3->waitForEncrypted());
+    QVERIFY(!waitForEncrypted(socket3.data()));
 
     // setting empty SSL configuration explicitly -> depends on on-demand loading
     QSslSocketPtr socket4 = newSocket();
@@ -199,24 +229,16 @@ void tst_QSslSocket_onDemandCertificates_member::onDemandRootCertLoadingMemberMe
     socket4->setSslConfiguration(conf);
     socket4->connectToHostEncrypted(host, 443);
 #ifdef QT_BUILD_INTERNAL
-    bool rootCertLoadingAllowed = QSslSocketPrivate::rootCertOnDemandLoadingSupported();
-#if defined(Q_OS_LINUX)
-    QCOMPARE(rootCertLoadingAllowed, true);
+    const bool works = QSslSocketPrivate::rootCertOnDemandLoadingSupported();
+#if defined(Q_OS_LINUX) || defined(Q_OS_WIN)
+    QCOMPARE(works, true);
 #elif defined(Q_OS_MAC)
-    QCOMPARE(rootCertLoadingAllowed, false);
-#endif // other platforms: undecided (Windows: depends on the version)
-    // when we allow on demand loading, it is enabled by default,
-    // so on Unix it will work without setting any certificates. Otherwise,
-    // the configuration contains an empty set of certificates
-    // and will fail.
-    bool works;
-#if defined (Q_OS_WIN)
-    works = false; // on Windows, this won't work even though we use on demand loading
-    Q_UNUSED(rootCertLoadingAllowed)
-#else
-    works = rootCertLoadingAllowed;
-#endif
-    QCOMPARE(socket4->waitForEncrypted(), works);
+    QCOMPARE(works, false);
+#endif // other platforms: undecided.
+    // When we *allow* on-demand loading, we enable it by default; so, on Unix,
+    // it will work without setting any certificates.  Otherwise, the configuration
+    // contains an empty set of certificates, so on-demand loading shall fail.
+   QCOMPARE(waitForEncrypted(socket4.data()), works);
 #endif // QT_BUILD_INTERNAL
 }