21 files changed, 126 insertions, 60 deletions

diff --git a/src/network/access/qhttp2configuration.cpp b/src/network/access/qhttp2configuration.cpp
index 408f141e77..e4126905b2 100644
--- a/src/network/access/qhttp2configuration.cpp
+++ b/src/network/access/qhttp2configuration.cpp
@@ -159,7 +159,7 @@ QHttp2Configuration::~QHttp2Configuration()
 
 /*!
     If \a enable is \c true, a remote server can potentially
-    use server push to send reponses in advance.
+    use server push to send responses in advance.
 
     \sa serverPushEnabled
 */
diff --git a/src/network/access/qhttp2protocolhandler.cpp b/src/network/access/qhttp2protocolhandler.cpp
index ddd661cc50..39dd460881 100644
--- a/src/network/access/qhttp2protocolhandler.cpp
+++ b/src/network/access/qhttp2protocolhandler.cpp
@@ -1135,8 +1135,6 @@ void QHttp2ProtocolHandler::updateStream(Stream &stream, const HPack::HttpHeader
     // moment and we are probably not done yet. So we extract url and set it
     // here, if needed.
     int statusCode = 0;
-    QUrl redirectUrl;
-
     for (const auto &pair : headers) {
         const auto &name = pair.name;
         auto value = pair.value;
@@ -1159,8 +1157,6 @@ void QHttp2ProtocolHandler::updateStream(Stream &stream, const HPack::HttpHeader
             if (ok)
                 httpReply->setContentLength(length);
         } else {
-            if (name == "location")
-                redirectUrl = QUrl::fromEncoded(value);
             QByteArray binder(", ");
             if (name == "set-cookie")
                 binder = "\n";
@@ -1225,8 +1221,20 @@ void QHttp2ProtocolHandler::updateStream(Stream &stream, const HPack::HttpHeader
         }
     }
 
-    if (QHttpNetworkReply::isHttpRedirect(statusCode) && redirectUrl.isValid())
-        httpReply->setRedirectUrl(redirectUrl);
+    if (QHttpNetworkReply::isHttpRedirect(statusCode) && httpRequest.isFollowRedirects()) {
+        QHttpNetworkConnectionPrivate::ParseRedirectResult result =
+                m_connection->d_func()->parseRedirectResponse(httpReply);
+        if (result.errorCode != QNetworkReply::NoError) {
+            auto errorString = m_connection->d_func()->errorDetail(result.errorCode, m_socket);
+            finishStreamWithError(stream, result.errorCode, errorString);
+            sendRST_STREAM(stream.streamID, INTERNAL_ERROR);
+            markAsReset(stream.streamID);
+            return;
+        }
+
+        if (result.redirectUrl.isValid())
+            httpReply->setRedirectUrl(result.redirectUrl);
+    }
 
     if (httpReplyPrivate->isCompressed() && httpRequest.d->autoDecompress)
         httpReplyPrivate->removeAutoDecompressHeader();
diff --git a/src/network/access/qhttpnetworkconnection.cpp b/src/network/access/qhttpnetworkconnection.cpp
index 1bef9157e6..db4dd591e3 100644
--- a/src/network/access/qhttpnetworkconnection.cpp
+++ b/src/network/access/qhttpnetworkconnection.cpp
@@ -462,7 +462,12 @@ bool QHttpNetworkConnectionPrivate::handleAuthenticateChallenge(QAbstractSocket
         else
             channels[i].authMethod = priv->method;
 
-        if (priv->phase == QAuthenticatorPrivate::Done) {
+        if (priv->phase == QAuthenticatorPrivate::Done ||
+                (priv->phase == QAuthenticatorPrivate::Start
+                    && priv->method == QAuthenticatorPrivate::Ntlm)) {
+            if (priv->phase == QAuthenticatorPrivate::Start)
+                priv->phase = QAuthenticatorPrivate::Phase1;
+
             pauseConnection();
             if (!isProxy) {
                 if (channels[i].authenticationCredentialsSent) {
@@ -528,10 +533,23 @@ bool QHttpNetworkConnectionPrivate::handleAuthenticateChallenge(QAbstractSocket
     return false;
 }
 
-QUrl QHttpNetworkConnectionPrivate::parseRedirectResponse(QAbstractSocket *socket, QHttpNetworkReply *reply)
+// Used by the HTTP1 code-path
+QUrl QHttpNetworkConnectionPrivate::parseRedirectResponse(QAbstractSocket *socket,
+                                                          QHttpNetworkReply *reply)
+{
+    ParseRedirectResult result = parseRedirectResponse(reply);
+    if (result.errorCode != QNetworkReply::NoError) {
+        emitReplyError(socket, reply, result.errorCode);
+        return {};
+    }
+    return std::move(result.redirectUrl);
+}
+
+QHttpNetworkConnectionPrivate::ParseRedirectResult
+QHttpNetworkConnectionPrivate::parseRedirectResponse(QHttpNetworkReply *reply)
 {
     if (!reply->request().isFollowRedirects())
-        return QUrl();
+        return {{}, QNetworkReply::NoError};
 
     QUrl redirectUrl;
     const QList<QPair<QByteArray, QByteArray> > fields = reply->header();
@@ -542,17 +560,13 @@ QUrl QHttpNetworkConnectionPrivate::parseRedirectResponse(QAbstractSocket *socke
         }
     }
 
-    // If the location url is invalid/empty, we emit ProtocolUnknownError
-    if (!redirectUrl.isValid()) {
-        emitReplyError(socket, reply, QNetworkReply::ProtocolUnknownError);
-        return QUrl();
-    }
+    // If the location url is invalid/empty, we return ProtocolUnknownError
+    if (!redirectUrl.isValid())
+        return {{}, QNetworkReply::ProtocolUnknownError};
 
     // Check if we have exceeded max redirects allowed
-    if (reply->request().redirectCount() <= 0) {
-        emitReplyError(socket, reply, QNetworkReply::TooManyRedirectsError);
-        return QUrl();
-    }
+    if (reply->request().redirectCount() <= 0)
+        return {{}, QNetworkReply::TooManyRedirectsError};
 
     // Resolve the URL if it's relative
     if (redirectUrl.isRelative())
@@ -573,8 +587,7 @@ QUrl QHttpNetworkConnectionPrivate::parseRedirectResponse(QAbstractSocket *socke
             if (priorUrl.host() != redirectUrl.host()
                 || priorUrl.scheme() != redirectUrl.scheme()
                 || priorUrl.port() != redirectUrl.port()) {
-                emitReplyError(socket, reply, QNetworkReply::InsecureRedirectError);
-                return QUrl();
+                return {{}, QNetworkReply::InsecureRedirectError};
             }
             break;
         case QNetworkRequest::UserVerifiedRedirectPolicy:
@@ -583,10 +596,9 @@ QUrl QHttpNetworkConnectionPrivate::parseRedirectResponse(QAbstractSocket *socke
             Q_ASSERT(!"Unexpected redirect policy");
         }
     } else {
-        emitReplyError(socket, reply, QNetworkReply::ProtocolUnknownError);
-        return QUrl();
+        return {{}, QNetworkReply::ProtocolUnknownError};
     }
-    return redirectUrl;
+    return {std::move(redirectUrl), QNetworkReply::NoError};
 }
 
 void QHttpNetworkConnectionPrivate::createAuthorization(QAbstractSocket *socket, QHttpNetworkRequest &request)
@@ -1446,7 +1458,7 @@ void QHttpNetworkConnection::setCacheProxy(const QNetworkProxy &networkProxy)
     d->networkProxy = networkProxy;
     // update the authenticator
     if (!d->networkProxy.user().isEmpty()) {
-        for (int i = 0; i < d->activeChannelCount; ++i) {
+        for (int i = 0; i < d->channelCount; ++i) {
             d->channels[i].proxyAuthenticator.setUser(d->networkProxy.user());
             d->channels[i].proxyAuthenticator.setPassword(d->networkProxy.password());
         }
@@ -1462,7 +1474,7 @@ QNetworkProxy QHttpNetworkConnection::cacheProxy() const
 void QHttpNetworkConnection::setTransparentProxy(const QNetworkProxy &networkProxy)
 {
     Q_D(QHttpNetworkConnection);
-    for (int i = 0; i < d->activeChannelCount; ++i)
+    for (int i = 0; i < d->channelCount; ++i)
         d->channels[i].setProxy(networkProxy);
 }
 
diff --git a/src/network/access/qhttpnetworkconnection_p.h b/src/network/access/qhttpnetworkconnection_p.h
index 845b55bc5d..5fed62fc97 100644
--- a/src/network/access/qhttpnetworkconnection_p.h
+++ b/src/network/access/qhttpnetworkconnection_p.h
@@ -273,6 +273,12 @@ public:
 
     void emitReplyError(QAbstractSocket *socket, QHttpNetworkReply *reply, QNetworkReply::NetworkError errorCode);
     bool handleAuthenticateChallenge(QAbstractSocket *socket, QHttpNetworkReply *reply, bool isProxy, bool &resend);
+    struct ParseRedirectResult {
+        QUrl redirectUrl;
+        QNetworkReply::NetworkError errorCode;
+    };
+    ParseRedirectResult parseRedirectResponse(QHttpNetworkReply *reply);
+    // Used by the HTTP1 code-path
     QUrl parseRedirectResponse(QAbstractSocket *socket, QHttpNetworkReply *reply);
 
 #ifndef QT_NO_NETWORKPROXY
diff --git a/src/network/access/qnetworkaccessmanager.cpp b/src/network/access/qnetworkaccessmanager.cpp
index 517c460825..a10fe9e3fe 100644
--- a/src/network/access/qnetworkaccessmanager.cpp
+++ b/src/network/access/qnetworkaccessmanager.cpp
@@ -755,7 +755,7 @@ bool QNetworkAccessManager::isStrictTransportSecurityEnabled() const
     store is enabled, these policies will be preserved in the store. In case both
     cache and store contain the same known hosts, policies from cache are considered
     to be more up-to-date (and thus will overwrite the previous values in the store).
-    If this behavior is undesired, enable HSTS store before enabling Strict Tranport
+    If this behavior is undesired, enable HSTS store before enabling Strict Transport
     Security. By default, the persistent store of HSTS policies is disabled.
 
     \sa isStrictTransportSecurityStoreEnabled(), setStrictTransportSecurityEnabled(),
diff --git a/src/network/access/qnetworkreplywasmimpl.cpp b/src/network/access/qnetworkreplywasmimpl.cpp
index 2ee57a0860..7f23390a8d 100644
--- a/src/network/access/qnetworkreplywasmimpl.cpp
+++ b/src/network/access/qnetworkreplywasmimpl.cpp
@@ -234,10 +234,13 @@ void QNetworkReplyWasmImplPrivate::doSendRequest()
         }
     }
 
+    QByteArray userName, password;
     // username & password
     if (!request.url().userInfo().isEmpty()) {
-        attr.userName = request.url().userName().toUtf8();
-        attr.password = request.url().password().toUtf8();
+        userName = request.url().userName().toUtf8();
+        password = request.url().password().toUtf8();
+        attr.userName = userName.constData();
+        attr.password = password.constData();
     }
 
     attr.attributes = EMSCRIPTEN_FETCH_LOAD_TO_MEMORY;
@@ -265,7 +268,8 @@ void QNetworkReplyWasmImplPrivate::doSendRequest()
     attr.userData = reinterpret_cast<void *>(this);
 
     QString dPath = QStringLiteral("/home/web_user/") + request.url().fileName();
-    attr.destinationPath = dPath.toUtf8();
+    QByteArray destinationPath = dPath.toUtf8();
+    attr.destinationPath = destinationPath.constData();
 
     m_fetch = emscripten_fetch(&attr, request.url().toString().toUtf8());
 }
diff --git a/src/network/access/qnetworkrequest.cpp b/src/network/access/qnetworkrequest.cpp
index 03ed2a455d..0235790efe 100644
--- a/src/network/access/qnetworkrequest.cpp
+++ b/src/network/access/qnetworkrequest.cpp
@@ -1,6 +1,6 @@
 /****************************************************************************
 **
-** Copyright (C) 2016 The Qt Company Ltd.
+** Copyright (C) 2022 The Qt Company Ltd.
 ** Contact: https://www.qt.io/licensing/
 **
 ** This file is part of the QtNetwork module of the Qt Toolkit.
@@ -423,6 +423,11 @@ QT_BEGIN_NAMESPACE
                                        for example, to ask the user whether to
                                        accept the redirect, or to decide
                                        based on some app-specific configuration.
+
+    \note When Qt handles redirects it will, for legacy and compatibility
+    reasons, issue the redirected request using GET when the server returns
+    a 301 or 302 response, regardless of the original method used, unless it was
+    HEAD.
 */
 
 /*!
@@ -1036,9 +1041,10 @@ static QByteArray headerValue(QNetworkRequest::KnownHeaders header, const QVaria
     case QNetworkRequest::LastModifiedHeader:
     case QNetworkRequest::IfModifiedSinceHeader:
         switch (value.userType()) {
+            // Generate RFC 1123/822 dates:
         case QMetaType::QDate:
+            return QNetworkHeadersPrivate::toHttpDate(value.toDate().startOfDay(Qt::UTC));
         case QMetaType::QDateTime:
-            // generate RFC 1123/822 dates:
             return QNetworkHeadersPrivate::toHttpDate(value.toDateTime());
 
         default:
@@ -1482,8 +1488,7 @@ QDateTime QNetworkHeadersPrivate::fromHttpDate(const QByteArray &value)
 
 QByteArray QNetworkHeadersPrivate::toHttpDate(const QDateTime &dt)
 {
-    return QLocale::c().toString(dt, u"ddd, dd MMM yyyy hh:mm:ss 'GMT'")
-        .toLatin1();
+    return QLocale::c().toString(dt.toUTC(), u"ddd, dd MMM yyyy hh:mm:ss 'GMT'").toLatin1();
 }
 
 QT_END_NAMESPACE
diff --git a/src/network/kernel/qauthenticator.cpp b/src/network/kernel/qauthenticator.cpp
index d9fe7bc47b..ccd04b294a 100644
--- a/src/network/kernel/qauthenticator.cpp
+++ b/src/network/kernel/qauthenticator.cpp
@@ -50,6 +50,7 @@
 #include <qstring.h>
 #include <qdatetime.h>
 #include <qrandom.h>
+#include "private/qsystemlibrary_p.h"
 
 #ifdef Q_OS_WIN
 #include <qmutex.h>
@@ -1563,7 +1564,7 @@ static bool q_SSPI_library_load()
 
     // Initialize security interface
     if (pSecurityFunctionTable == nullptr) {
-        securityDLLHandle = LoadLibrary(L"secur32.dll");
+        securityDLLHandle = QSystemLibrary::load(L"secur32");
         if (securityDLLHandle != nullptr) {
             INIT_SECURITY_INTERFACE pInitSecurityInterface =
                 reinterpret_cast<INIT_SECURITY_INTERFACE>(
diff --git a/src/network/kernel/qauthenticator_p.h b/src/network/kernel/qauthenticator_p.h
index 1813634ee0..b234925a0e 100644
--- a/src/network/kernel/qauthenticator_p.h
+++ b/src/network/kernel/qauthenticator_p.h
@@ -91,6 +91,7 @@ public:
 
     enum Phase {
         Start,
+        Phase1,
         Phase2,
         Done,
         Invalid
diff --git a/src/network/kernel/qhostinfo_unix.cpp b/src/network/kernel/qhostinfo_unix.cpp
index 9b0a2ee669..73679c9ef1 100644
--- a/src/network/kernel/qhostinfo_unix.cpp
+++ b/src/network/kernel/qhostinfo_unix.cpp
@@ -122,7 +122,6 @@ static QFunctionPointer resolveSymbol(QLibrary &lib, const char *sym)
 
 LibResolv::LibResolv()
 {
-    QLibrary lib;
 #ifdef LIBRESOLV_SO
     lib.setFileName(QStringLiteral(LIBRESOLV_SO));
     if (!lib.load())
diff --git a/src/network/kernel/qnetworkinterface.cpp b/src/network/kernel/qnetworkinterface.cpp
index 6e87a783a8..c89d7f898c 100644
--- a/src/network/kernel/qnetworkinterface.cpp
+++ b/src/network/kernel/qnetworkinterface.cpp
@@ -489,7 +489,7 @@ void QNetworkAddressEntry::clearAddressLifetime()
     \since 5.11
 
     Returns \c true if this address is permanent on this interface, \c false if
-    it's temporary. A permenant address is one which has no expiration time and
+    it's temporary. A permanent address is one which has no expiration time and
     is often static (manually configured).
 
     If this information could not be determined, this function returns \c true.
diff --git a/src/network/kernel/qnetworkinterface_unix.cpp b/src/network/kernel/qnetworkinterface_unix.cpp
index 4c57bff3bc..e7889b6249 100644
--- a/src/network/kernel/qnetworkinterface_unix.cpp
+++ b/src/network/kernel/qnetworkinterface_unix.cpp
@@ -113,6 +113,7 @@ uint QNetworkInterfaceManager::interfaceIndexFromName(const QString &name)
     qt_safe_close(socket);
     return id;
 #else
+    Q_UNUSED(name);
     return 0;
 #endif
 }
@@ -232,6 +233,7 @@ static QNetworkInterfacePrivate *findInterface(int socket, QList<QNetworkInterfa
             break;
         }
 #else
+    Q_UNUSED(socket);
     // Search by name
     QList<QNetworkInterfacePrivate *>::Iterator if_it = interfaces.begin();
     for ( ; if_it != interfaces.end(); ++if_it)
diff --git a/src/network/kernel/qnetworkproxy.cpp b/src/network/kernel/qnetworkproxy.cpp
index 3cabdd0bd5..f2864bdf93 100644
--- a/src/network/kernel/qnetworkproxy.cpp
+++ b/src/network/kernel/qnetworkproxy.cpp
@@ -189,7 +189,7 @@
 
     QNetworkProxy sets different capabilities by default when the
     object is created (see QNetworkProxy::ProxyType for a list of the
-    defaults). However, it is possible to change the capabitilies
+    defaults). However, it is possible to change the capabilities
     after the object has been created with setCapabilities().
 
     The capabilities that QNetworkProxy supports are:
diff --git a/src/network/socket/qabstractsocket.cpp b/src/network/socket/qabstractsocket.cpp
index e7fc17142e..59f8253c1a 100644
--- a/src/network/socket/qabstractsocket.cpp
+++ b/src/network/socket/qabstractsocket.cpp
@@ -1,6 +1,6 @@
 /****************************************************************************
 **
-** Copyright (C) 2016 The Qt Company Ltd.
+** Copyright (C) 2022 The Qt Company Ltd.
 ** Copyright (C) 2016 Intel Corporation.
 ** Contact: https://www.qt.io/licensing/
 **
@@ -437,7 +437,7 @@
 
     \value DontShareAddress Bind the address and port exclusively, so that
     no other services are allowed to rebind. By passing this option to
-    QAbstractSocket::bind(), you are guaranteed that on successs, your service
+    QAbstractSocket::bind(), you are guaranteed that on success, your service
     is the only one that listens to the address and port. No services are
     allowed to rebind, even if they pass ReuseAddressHint. This option
     provides more security than ShareAddress, but on certain operating
@@ -1404,12 +1404,29 @@ void QAbstractSocketPrivate::pauseSocketNotifiers(QAbstractSocket *socket)
     QAbstractSocketEngine *socketEngine = socket->d_func()->socketEngine;
     if (!socketEngine)
         return;
-    socket->d_func()->prePauseReadSocketNotifierState = socketEngine->isReadNotificationEnabled();
-    socket->d_func()->prePauseWriteSocketNotifierState = socketEngine->isWriteNotificationEnabled();
-    socket->d_func()->prePauseExceptionSocketNotifierState = socketEngine->isExceptionNotificationEnabled();
-    socketEngine->setReadNotificationEnabled(false);
-    socketEngine->setWriteNotificationEnabled(false);
-    socketEngine->setExceptionNotificationEnabled(false);
+    bool read = socketEngine->isReadNotificationEnabled();
+    bool write = socketEngine->isWriteNotificationEnabled();
+    bool except = socketEngine->isExceptionNotificationEnabled();
+
+#ifdef QABSTRACTSOCKET_DEBUG
+    qDebug() << socketEngine->socketDescriptor()
+             << "pause notifiers, storing 'true' states, currently read:" << read
+             << "write:" << write << "except:" << except;
+#endif
+    // We do this if-check to avoid accidentally overwriting any previously stored state
+    // It will reset to false once the socket is re-enabled.
+    if (read) {
+        socket->d_func()->prePauseReadSocketNotifierState = true;
+        socketEngine->setReadNotificationEnabled(false);
+    }
+    if (write) {
+        socket->d_func()->prePauseWriteSocketNotifierState = true;
+        socketEngine->setWriteNotificationEnabled(false);
+    }
+    if (except) {
+        socket->d_func()->prePauseExceptionSocketNotifierState = true;
+        socketEngine->setExceptionNotificationEnabled(false);
+    }
 }
 
 void QAbstractSocketPrivate::resumeSocketNotifiers(QAbstractSocket *socket)
@@ -1417,9 +1434,19 @@ void QAbstractSocketPrivate::resumeSocketNotifiers(QAbstractSocket *socket)
     QAbstractSocketEngine *socketEngine = socket->d_func()->socketEngine;
     if (!socketEngine)
         return;
-    socketEngine->setReadNotificationEnabled(socket->d_func()->prePauseReadSocketNotifierState);
-    socketEngine->setWriteNotificationEnabled(socket->d_func()->prePauseWriteSocketNotifierState);
-    socketEngine->setExceptionNotificationEnabled(socket->d_func()->prePauseExceptionSocketNotifierState);
+    QAbstractSocketPrivate *priv = socket->d_func();
+#ifdef QABSTRACTSOCKET_DEBUG
+    qDebug() << socketEngine->socketDescriptor()
+             << "Maybe resume notifiers, read:" << priv->prePauseReadSocketNotifierState
+             << "write:" << priv->prePauseWriteSocketNotifierState
+             << "exception:" << priv->prePauseExceptionSocketNotifierState;
+#endif
+    if (qExchange(priv->prePauseReadSocketNotifierState, false))
+        socketEngine->setReadNotificationEnabled(true);
+    if (qExchange(priv->prePauseWriteSocketNotifierState, false))
+        socketEngine->setWriteNotificationEnabled(true);
+    if (qExchange(priv->prePauseExceptionSocketNotifierState, false))
+        socketEngine->setExceptionNotificationEnabled(true);
 }
 
 QAbstractSocketEngine* QAbstractSocketPrivate::getSocketEngine(QAbstractSocket *socket)
diff --git a/src/network/socket/qabstractsocket_p.h b/src/network/socket/qabstractsocket_p.h
index 5aa69d747e..a20e0aacad 100644
--- a/src/network/socket/qabstractsocket_p.h
+++ b/src/network/socket/qabstractsocket_p.h
@@ -1,6 +1,6 @@
 /****************************************************************************
 **
-** Copyright (C) 2016 The Qt Company Ltd.
+** Copyright (C) 2022 The Qt Company Ltd.
 ** Contact: https://www.qt.io/licensing/
 **
 ** This file is part of the QtNetwork module of the Qt Toolkit.
@@ -162,9 +162,9 @@ public:
 
     QAbstractSocket::NetworkLayerProtocol preferredNetworkLayerProtocol;
 
-    bool prePauseReadSocketNotifierState;
-    bool prePauseWriteSocketNotifierState;
-    bool prePauseExceptionSocketNotifierState;
+    bool prePauseReadSocketNotifierState = false;
+    bool prePauseWriteSocketNotifierState = false;
+    bool prePauseExceptionSocketNotifierState = false;
     static void pauseSocketNotifiers(QAbstractSocket*);
     static void resumeSocketNotifiers(QAbstractSocket*);
     static QAbstractSocketEngine* getSocketEngine(QAbstractSocket*);
diff --git a/src/network/socket/qlocalserver.cpp b/src/network/socket/qlocalserver.cpp
index 5ca2db70b9..6190e27875 100644
--- a/src/network/socket/qlocalserver.cpp
+++ b/src/network/socket/qlocalserver.cpp
@@ -147,7 +147,7 @@ QLocalServer::~QLocalServer()
     In some cases, such as with Unix domain sockets on Linux, the
     access to the socket will be determined by file system permissions,
     and are created based on the umask. Setting the access flags will
-    overide this and will restrict or permit access as specified.
+    override this and will restrict or permit access as specified.
 
     Other Unix-based operating systems, such as \macos, do not
     honor file permissions for Unix domain sockets and by default
diff --git a/src/network/socket/qlocalsocket.cpp b/src/network/socket/qlocalsocket.cpp
index 8d93e1fa61..23f5af472b 100644
--- a/src/network/socket/qlocalsocket.cpp
+++ b/src/network/socket/qlocalsocket.cpp
@@ -90,7 +90,7 @@ QT_BEGIN_NAMESPACE
     Note that unlike in most other QIODevice subclasses, open() may not open the device directly.
     The function return false if the socket was already connected or if the server to connect
     to was not defined and true in any other case. The connected() or errorOccurred() signals will be
-    emitted once the device is actualy open (or the connection failed).
+    emitted once the device is actually open (or the connection failed).
 
     See connectToServer() for more details.
 */
diff --git a/src/network/socket/qnativesocketengine_unix.cpp b/src/network/socket/qnativesocketengine_unix.cpp
index e5b9fbbdb2..feb102b42a 100644
--- a/src/network/socket/qnativesocketengine_unix.cpp
+++ b/src/network/socket/qnativesocketengine_unix.cpp
@@ -46,6 +46,7 @@
 #include "qelapsedtimer.h"
 #include "qvarlengtharray.h"
 #include "qnetworkinterface.h"
+#include "qendian.h"
 #include <time.h>
 #include <errno.h>
 #include <fcntl.h>
@@ -364,12 +365,12 @@ int QNativeSocketEnginePrivate::option(QNativeSocketEngine::SocketOption opt) co
     }
 
     int n, level;
-    int v = -1;
+    int v = 0;
     QT_SOCKOPTLEN_T len = sizeof(v);
 
     convertToLevelAndOption(opt, socketProtocol, level, n);
     if (n != -1 && ::getsockopt(socketDescriptor, level, n, (char *) &v, &len) != -1)
-        return v;
+        return len == 1 ? qFromUnaligned<quint8>(&v) : v;
 
     return -1;
 }
diff --git a/src/network/ssl/qdtls.cpp b/src/network/ssl/qdtls.cpp
index 74fb691dde..29a4df0f41 100644
--- a/src/network/ssl/qdtls.cpp
+++ b/src/network/ssl/qdtls.cpp
@@ -876,7 +876,7 @@ bool QDtls::startHandshake(QUdpSocket *socket, const QByteArray &datagram)
 }
 
 /*!
-    If a timeout occures during the handshake, the handshakeTimeout() signal
+    If a timeout occurs during the handshake, the handshakeTimeout() signal
     is emitted. The application must call handleTimeout() to retransmit handshake
     messages; handleTimeout() returns \c true if a timeout has occurred, false
     otherwise. \a socket must be a valid pointer.
diff --git a/src/network/ssl/qocspresponse.cpp b/src/network/ssl/qocspresponse.cpp
index 7fc83fa54a..51c9f71b71 100644
--- a/src/network/ssl/qocspresponse.cpp
+++ b/src/network/ssl/qocspresponse.cpp
@@ -53,7 +53,7 @@ QT_BEGIN_NAMESPACE
     \ingroup ssl
     \inmodule QtNetwork
 
-    The QOcspResponse class represents the revocation status of a server's certficate,
+    The QOcspResponse class represents the revocation status of a server's certificate,
     received by the client-side socket during the TLS handshake. QSslSocket must be
     configured with OCSP stapling enabled.
 
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index 6367ee10c1..5bb6e7ee4a 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -188,7 +188,7 @@
     behavior is identical to QTcpSocket.
 
     \value SslClientMode The socket is a client-side SSL socket.
-    It is either alreayd encrypted, or it is in the SSL handshake
+    It is either already encrypted, or it is in the SSL handshake
     phase (see QSslSocket::isEncrypted()).
 
     \value SslServerMode The socket is a server-side SSL socket.