Diffstat (limited to 'src/network/access/qnetworkreplyhttpimpl.cpp')
-rw-r--r-- | src/network/access/qnetworkreplyhttpimpl.cpp | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/src/network/access/qnetworkreplyhttpimpl.cpp b/src/network/access/qnetworkreplyhttpimpl.cpp
index 19f424b35f..7d863ef53c 100644
--- a/src/network/access/qnetworkreplyhttpimpl.cpp
+++ b/src/network/access/qnetworkreplyhttpimpl.cpp
@@ -52,6 +52,7 @@
#include "QtCore/qelapsedtimer.h"
#include "QtNetwork/qsslconfiguration.h"
#include "qhttpthreaddelegate_p.h"
+#include "qhsts_p.h"
#include "qthread.h"
#include "QtCore/qcoreapplication.h"
@@ -384,6 +385,12 @@ void QNetworkReplyHttpImpl::ignoreSslErrors()
{
Q_D(QNetworkReplyHttpImpl);
+ if (d->managerPrivate && d->managerPrivate->stsEnabled
+ && d->managerPrivate->stsCache.isKnownHost(url())) {
+ // We cannot ignore any Security Transport-related errors for this host.
+ return;
+ }
+
d->pendingIgnoreAllSslErrors = true;
}
@@ -391,6 +398,12 @@ void QNetworkReplyHttpImpl::ignoreSslErrorsImplementation(const QList<QSslError>
{
Q_D(QNetworkReplyHttpImpl);
+ if (d->managerPrivate && d->managerPrivate->stsEnabled
+ && d->managerPrivate->stsCache.isKnownHost(url())) {
+ // We cannot ignore any Security Transport-related errors for this host.
+ return;
+ }
+
// the pending list is set if QNetworkReply::ignoreSslErrors(const QList<QSslError> &errors)
// is called before QNetworkAccessManager::get() (or post(), etc.)
d->pendingIgnoreSslErrorsList = errors;
@@ -1179,6 +1192,15 @@ void QNetworkReplyHttpImplPrivate::replyDownloadMetaData(const QList<QPair<QByte
statusCode = sc;
reasonPhrase = rp;
+#ifndef QT_NO_SSL
+ // We parse this header only if we're using secure transport:
+ //
+ // RFC6797, 8.1
+ // If an HTTP response is received over insecure transport, the UA MUST
+ // ignore any present STS header field(s).
+ if (url.scheme() == QLatin1String("https") && managerPrivate->stsEnabled)
+ managerPrivate->stsCache.updateFromHeaders(hm, url);
+#endif
// Download buffer
if (!db.isNull()) {
downloadBufferPointer = db; |
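Review bot: The HSTS guard in ignoreSslErrors() is evaluated once, against `url()` at the moment of the call, so a `pendingIgnoreAllSslErrors` flag accepted for one host appears to stay set for the rest of the reply's life. If the reply later follows a redirect to a host that is in `stsCache` (redirect handling is not visible here, so this needs confirming), certificate errors for that known HSTS host could still be ignored, which RFC 6797 section 8.4 forbids. Consider re-checking `isKnownHost()` where the pending flags are applied to a connection, or clearing them on redirect. The same three-line condition is repeated in ignoreSslErrorsImplementation() in the next hunk; a small private helper would keep the two in step.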
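Review bot: The early return in ignoreSslErrorsImplementation() discards the caller's `errors` list without any signal, so an application that relied on tolerating a certificate error only sees the request fail later with no hint that HSTS policy was the cause; the same applies to ignoreSslErrors() in the previous hunk. A diagnostic before the `return`, for example `qWarning("ignoreSslErrors() has no effect for a known HSTS host");`, would make this traceable, and the public ignoreSslErrors() documentation should state the restriction. The comment would read more clearly as `// RFC 6797, 8.4: TLS errors must not be ignored for a known HSTS host.` The function body continues outside the hunk.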
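Review bot: The new condition updates the HSTS cache for any `https` response, but RFC 6797 section 8.1 only allows the header to be processed when the secure transport had no errors or warnings, and nothing visible here excludes a reply whose certificate errors were ignored. On such a connection a forged `Strict-Transport-Security` header (including `max-age=0`, which removes a known host) would be trusted, unless `updateFromHeaders()` or the caller filters this out of view. Skipping the update when TLS errors were ignored for this reply would close that gap. `managerPrivate` is also dereferenced here without the null check the two ignoreSslErrors hunks use; `&& managerPrivate && managerPrivate->stsEnabled` would make them consistent. The function starts and ends outside the hunk.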