1 files changed, 39 insertions, 2 deletions

diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
index 3f732b4646..7e92d3a526 100644
--- a/src/network/ssl/qsslconfiguration.cpp
+++ b/src/network/ssl/qsslconfiguration.cpp
@@ -228,7 +228,8 @@ bool QSslConfiguration::operator==(const QSslConfiguration &other) const
         d->nextAllowedProtocols == other.d->nextAllowedProtocols &&
         d->nextNegotiatedProtocol == other.d->nextNegotiatedProtocol &&
         d->nextProtocolNegotiationStatus == other.d->nextProtocolNegotiationStatus &&
-        d->dtlsCookieEnabled == other.d->dtlsCookieEnabled;
+        d->dtlsCookieEnabled == other.d->dtlsCookieEnabled &&
+        d->ocspStaplingEnabled == other.d->ocspStaplingEnabled;
 }
 
 /*!
@@ -272,7 +273,8 @@ bool QSslConfiguration::isNull() const
             d->preSharedKeyIdentityHint.isNull() &&
             d->nextAllowedProtocols.isEmpty() &&
             d->nextNegotiatedProtocol.isNull() &&
-            d->nextProtocolNegotiationStatus == QSslConfiguration::NextProtocolNegotiationNone);
+            d->nextProtocolNegotiationStatus == QSslConfiguration::NextProtocolNegotiationNone &&
+            d->ocspStaplingEnabled == false);
 }
 
 /*!
@@ -585,6 +587,8 @@ void QSslConfiguration::setPrivateKey(const QSslKey &key)
     ciphers. You can revert to using the entire set by calling
     setCiphers() with the list returned by QSslSocket::supportedCiphers().
 
+    \note This is not currently supported in the Schannel backend.
+
     \sa setCiphers(), QSslSocket::supportedCiphers()
 */
 QList<QSslCipher> QSslConfiguration::ciphers() const
@@ -600,6 +604,8 @@ QList<QSslCipher> QSslConfiguration::ciphers() const
     Restricting the cipher suite must be done before the handshake
     phase, where the session cipher is chosen.
 
+    \note This is not currently supported in the Schannel backend.
+
     \sa ciphers(), QSslSocket::supportedCiphers()
 */
 void QSslConfiguration::setCiphers(const QList<QSslCipher> &ciphers)
@@ -1094,6 +1100,37 @@ void QSslConfiguration::setDefaultDtlsConfiguration(const QSslConfiguration &con
 
 #endif // dtls
 
+/*!
+    \since 5.13
+    If \a enabled is true, client QSslSocket will send a certificate status request
+    to its peer when initiating a handshake. During the handshake QSslSocket will
+    verify the server's response. This value must be set before the handshake
+    starts.
+
+    \sa ocspStaplingEnabled()
+*/
+void QSslConfiguration::setOcspStaplingEnabled(bool enabled)
+{
+#if QT_CONFIG(ocsp)
+    d->ocspStaplingEnabled = enabled;
+#else
+    if (enabled)
+        qCWarning(lcSsl, "Enabling OCSP-stapling requires the feature 'ocsp'");
+#endif // ocsp
+}
+
+/*!
+    \since 5.13
+    Returns true if OCSP stapling was enabled by setOCSPStaplingEnabled(),
+    otherwise false (which is the default value).
+
+    \sa setOcspStaplingEnabled()
+*/
+bool QSslConfiguration::ocspStaplingEnabled() const
+{
+    return d->ocspStaplingEnabled;
+}
+
 /*! \internal
 */
 bool QSslConfigurationPrivate::peerSessionWasShared(const QSslConfiguration &configuration) {