1 files changed, 11 insertions, 5 deletions

diff --git a/src/network/access/qhttpthreaddelegate.cpp b/src/network/access/qhttpthreaddelegate.cpp
index 9d874b4d94..3d17664ed4 100644
--- a/src/network/access/qhttpthreaddelegate.cpp
+++ b/src/network/access/qhttpthreaddelegate.cpp
@@ -44,6 +44,7 @@
 #include <QTimer>
 #include <QAuthenticator>
 #include <QEventLoop>
+#include <QCryptographicHash>
 
 #include "private/qhttpnetworkreply_p.h"
 #include "private/qnetworkaccesscache_p.h"
@@ -158,7 +159,10 @@ static QByteArray makeCacheKey(QUrl &url, QNetworkProxy *proxy)
         }
 
         if (!key.scheme().isEmpty()) {
+            const QByteArray obfuscatedPassword = QCryptographicHash::hash(proxy->password().toUtf8(),
+                                                                           QCryptographicHash::Sha1).toHex();
             key.setUserName(proxy->user());
+            key.setPassword(QString::fromUtf8(obfuscatedPassword));
             key.setHost(proxy->hostName());
             key.setPort(proxy->port());
             key.setQuery(result);
@@ -290,18 +294,21 @@ void QHttpThreadDelegate::startRequest()
                                        : QHttpNetworkConnection::ConnectionTypeHTTP;
 
 #ifndef QT_NO_SSL
+    if (ssl && !incomingSslConfiguration.data())
+        incomingSslConfiguration.reset(new QSslConfiguration);
+
     if (httpRequest.isHTTP2Allowed() && ssl) {
         QList<QByteArray> protocols;
         protocols << QSslConfiguration::ALPNProtocolHTTP2
                   << QSslConfiguration::NextProtocolHttp1_1;
-        incomingSslConfiguration.setAllowedNextProtocols(protocols);
+        incomingSslConfiguration->setAllowedNextProtocols(protocols);
     } else if (httpRequest.isSPDYAllowed() && ssl) {
         connectionType = QHttpNetworkConnection::ConnectionTypeSPDY;
         urlCopy.setScheme(QStringLiteral("spdy")); // to differentiate SPDY requests from HTTPS requests
         QList<QByteArray> nextProtocols;
         nextProtocols << QSslConfiguration::NextProtocolSpdy3_0
                       << QSslConfiguration::NextProtocolHttp1_1;
-        incomingSslConfiguration.setAllowedNextProtocols(nextProtocols);
+        incomingSslConfiguration->setAllowedNextProtocols(nextProtocols);
     }
 #endif // QT_NO_SSL
 
@@ -330,9 +337,8 @@ void QHttpThreadDelegate::startRequest()
 #endif
 #ifndef QT_NO_SSL
         // Set the QSslConfiguration from this QNetworkRequest.
-        if (ssl && incomingSslConfiguration != QSslConfiguration::defaultConfiguration()) {
-            httpConnection->setSslConfiguration(incomingSslConfiguration);
-        }
+        if (ssl)
+            httpConnection->setSslConfiguration(*incomingSslConfiguration);
 #endif
 
 #ifndef QT_NO_NETWORKPROXY