7 files changed, 274 insertions, 7 deletions
diff --git a/tests/auto/network/access/qnetworkcookiejar/tst_qnetworkcookiejar.cpp b/tests/auto/network/access/qnetworkcookiejar/tst_qnetworkcookiejar.cpp
index 284201db29..4ee4b67ec0 100644
--- a/tests/auto/network/access/qnetworkcookiejar/tst_qnetworkcookiejar.cpp
+++ b/tests/auto/network/access/qnetworkcookiejar/tst_qnetworkcookiejar.cpp
@@ -451,7 +451,7 @@ void tst_QNetworkCookieJar::effectiveTLDs_data()
     QTest::newRow("yes-wildcard1.5") << "anything.jm" << true;
     QTest::newRow("yes-wildcard2") << "something.kh" << true;
     QTest::newRow("yes-wildcard3") << "whatever.uk" << true;
-    QTest::newRow("yes-wildcard4") << "anything.shizuoka.jp" << true;
+    QTest::newRow("yes-wildcard4") << "anything.sendai.jp" << true;
     QTest::newRow("yes-wildcard5") << "foo.sch.uk" << true;
 }
 
diff --git a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
index 624ce5e800..bcc0641973 100644
--- a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
+++ b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
@@ -71,6 +71,9 @@
 #ifndef QT_NO_SSL
 #include <QtNetwork/qsslerror.h>
 #include <QtNetwork/qsslconfiguration.h>
+#ifdef QT_BUILD_INTERNAL
+#include <QtNetwork/private/qsslconfiguration_p.h>
+#endif
 #endif
 #ifndef QT_NO_BEARERMANAGEMENT
 #include <QtNetwork/qnetworkconfigmanager.h>
@@ -173,6 +176,9 @@ public Q_SLOTS:
     void sslErrors(QNetworkReply*,const QList<QSslError> &);
     void storeSslConfiguration();
     void ignoreSslErrorListSlot(QNetworkReply *reply, const QList<QSslError> &);
+#ifdef QT_BUILD_INTERNAL
+    void sslSessionSharingHelperSlot();
+#endif
 #endif
 
 protected Q_SLOTS:
@@ -355,8 +361,13 @@ private Q_SLOTS:
     void ignoreSslErrorsList();
     void ignoreSslErrorsListWithSlot_data();
     void ignoreSslErrorsListWithSlot();
+    void encrypted();
     void sslConfiguration_data();
     void sslConfiguration();
+#ifdef QT_BUILD_INTERNAL
+    void sslSessionSharing_data();
+    void sslSessionSharing();
+#endif
 #endif
 
     void getAndThenDeleteObject_data();
@@ -5857,6 +5868,24 @@ void tst_QNetworkReply::sslConfiguration_data()
     QTest::newRow("secure") << conf << true;
 }
 
+void tst_QNetworkReply::encrypted()
+{
+    qDebug() << QtNetworkSettings::serverName();
+    QUrl url("https://" + QtNetworkSettings::serverName());
+    QNetworkRequest request(url);
+    QNetworkReply *reply = manager.get(request);
+    reply->ignoreSslErrors();
+
+    QSignalSpy spy(reply, SIGNAL(encrypted()));
+    connect(reply, SIGNAL(finished()), &QTestEventLoop::instance(), SLOT(exitLoop()));
+    QTestEventLoop::instance().enterLoop(20);
+    QVERIFY(!QTestEventLoop::instance().timeout());
+
+    QCOMPARE(spy.count(), 1);
+
+    reply->deleteLater();
+}
+
 void tst_QNetworkReply::sslConfiguration()
 {
     QNetworkRequest request(QUrl("https://" + QtNetworkSettings::serverName() + "/index.html"));
@@ -5871,6 +5900,73 @@ void tst_QNetworkReply::sslConfiguration()
     QCOMPARE(reply->error(), expectedError);
 }
 
+#ifdef QT_BUILD_INTERNAL
+
+void tst_QNetworkReply::sslSessionSharing_data()
+{
+    QTest::addColumn<bool>("sessionSharingEnabled");
+    QTest::newRow("enabled") << true;
+    QTest::newRow("disabled") << false;
+}
+
+void tst_QNetworkReply::sslSessionSharing()
+{
+    QString urlString("https://" + QtNetworkSettings::serverName());
+    QList<QNetworkReplyPtr> replies;
+
+    // warm up SSL session cache
+    QNetworkRequest warmupRequest(urlString);
+    QFETCH(bool, sessionSharingEnabled);
+    warmupRequest.setAttribute(QNetworkRequest::User, sessionSharingEnabled); // so we can read it from the slot
+    if (! sessionSharingEnabled) {
+        QSslConfiguration configuration(QSslConfiguration::defaultConfiguration());
+        configuration.setSslOption(QSsl::SslOptionDisableSessionTickets, true);
+        warmupRequest.setSslConfiguration(configuration);
+    }
+    QNetworkReply *reply = manager.get(warmupRequest);
+    reply->ignoreSslErrors();
+    connect(reply, SIGNAL(finished()), &QTestEventLoop::instance(), SLOT(exitLoop()));
+    QTestEventLoop::instance().enterLoop(20);
+    QVERIFY(!QTestEventLoop::instance().timeout());
+    QCOMPARE(reply->error(), QNetworkReply::NoError);
+    reply->deleteLater();
+
+    // now send several requests at the same time, so we open more sockets and reuse the SSL session
+    for (int a = 0; a < 6; a++) {
+        QNetworkRequest request(warmupRequest);
+        replies.append(QNetworkReplyPtr(manager.get(request)));
+        connect(replies.at(a), SIGNAL(finished()), this, SLOT(sslSessionSharingHelperSlot()));
+    }
+    QTestEventLoop::instance().enterLoop(20);
+    QVERIFY(!QTestEventLoop::instance().timeout());
+}
+
+void tst_QNetworkReply::sslSessionSharingHelperSlot()
+{
+    static int count = 0;
+
+    // check that SSL session sharing was used in at least one of the replies
+    static bool sslSessionSharingWasUsed = false;
+    QNetworkReply *reply = qobject_cast<QNetworkReply *>(sender());
+    bool sslSessionSharingWasUsedInReply = QSslConfigurationPrivate::peerSessionWasShared(reply->sslConfiguration());
+    if (sslSessionSharingWasUsedInReply)
+        sslSessionSharingWasUsed = true;
+
+    QString urlQueryString = reply->url().query();
+    QCOMPARE(reply->error(), QNetworkReply::NoError);
+
+    count++;
+
+    if (count == 6) { // all replies have finished
+        QTestEventLoop::instance().exitLoop();
+        bool sessionSharingWasEnabled = reply->request().attribute(QNetworkRequest::User).toBool();
+        QCOMPARE(sslSessionSharingWasUsed, sessionSharingWasEnabled);
+        count = 0; // reset for next row
+        sslSessionSharingWasUsed = false; // reset for next row
+    }
+}
+
+#endif // QT_BUILD_INTERNAL
 #endif // QT_NO_SSL
 
 void tst_QNetworkReply::getAndThenDeleteObject_data()
diff --git a/tests/auto/network/ssl/qsslsocket/certs/ca.crt b/tests/auto/network/ssl/qsslsocket/certs/ca.crt
new file mode 100644
index 0000000000..5cbe8ef726
--- /dev/null
+++ b/tests/auto/network/ssl/qsslsocket/certs/ca.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDpTCCAl2gAwIBAgIQAKraD9BoqaSa75qOqcP7ZTANBgkqhkiG9w0BAQUFADA8
+MQswCQYDVQQGEwJHQjEZMBcGA1UEChMQV2VzdHBvaW50IENBIEtleTESMBAGA1UE
+ChMJV2VzdHBvaW50MB4XDTEzMDIxNjE2NTMwOFoXDTIzMDIxNjE2NTMwOFowPDEL
+MAkGA1UEBhMCR0IxGTAXBgNVBAoTEFdlc3Rwb2ludCBDQSBLZXkxEjAQBgNVBAoT
+CVdlc3Rwb2ludDCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExAJv0H92j
+WjDB9h1DmSQzt772IPSirpE82sN9ls5J19TJcPnw49LdUUqkELJkpS1ty2hYPdUw
+7q3n00D+nzS+rt1QIDSKwDVoqeIyFZw4h0ULbASErfy51xBjVIr6NNoiqazp59wQ
+RDvqps7of+b/NcbOh73MsiYi8T5OoI4Quv9rMBefQTAI3d2NRQ4GUzS6Hzh2INOc
+4twApTDYY+yrU8IalXttIOVdKJZTHeTCdIXD3HMfHCkzyELz8rCI1/wDEp8zyoqF
+/tpBStZ5LUSrlRRM7PegqcnM+aojXyrEiXBvPuqO7tabU3nsfix9+8+7GDweDXsP
+OUHv+ahGNTUya7hBDaQmVk3/5hbig9kQlNiOcvcdnYYyJqiXhvjPPzOBbRaFNvBT
+uG/ehHNHYsdhEBkCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8E
+BQMDBwYAMB0GA1UdDgQWBBSUJzi1uYQUxqb3Nr33LOLCaUUTyTANBgkqhkiG9w0B
+AQUFAAOCATEAPeGh2GiIhT3cii3DU8ihd5TmnEstuHKz2FwHDChmen0zxE8lf08/
+onL1yIeaxbDA8KwZnv71/zZHJv02sPtIMUfuXQc0wOIFjDf0ngc6xIBuU7FUpLxF
+2dK7g9OsiNeC7L/ZemRXgpJURdNF2Ujge9/H9yfpHFBXZztmaWir+TXc5g3PKIu6
+97t75Og+stPhTcSlph8ZHYep08b2uthCfcnuIRGeDW9LkfR8VugnuUf7GoIlqSTs
+SR6bNuyTnnCHQMJzbsQ472+ag3aZS5HzoR8wyGiPmpc43lQM5ZEDrWGu8bub2gKa
+/+KeqHd0wnl7Y5cxnmAptQjxvzBXX/pl4sWczesiGcYm5z5mabp4CY09Y8JtrJZT
+IJodXy9ykRmEurgtRoRVc1aSp+xfV725bQ==
+-----END CERTIFICATE-----
diff --git a/tests/auto/network/ssl/qsslsocket/certs/inter.crt b/tests/auto/network/ssl/qsslsocket/certs/inter.crt
new file mode 100644
index 0000000000..4e1d67c3e0
--- /dev/null
+++ b/tests/auto/network/ssl/qsslsocket/certs/inter.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAnSgAwIBAgIQO+uZxerYC10Ll11PBnVL4TANBgkqhkiG9w0BAQUFADA8
+MQswCQYDVQQGEwJHQjEZMBcGA1UEChMQV2VzdHBvaW50IENBIEtleTESMBAGA1UE
+ChMJV2VzdHBvaW50MB4XDTEzMDIxNjE2NTMwOFoXDTIzMDIxNjE2NTMwOFowMjEL
+MAkGA1UEBhMCR0IxIzAhBgNVBAoTGldlc3Rwb2ludCBJbnRlcm1lZGlhdGUgS2V5
+MIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAsR4tRskg2IFfQFMfGBJ1
+eqlrNejANw0oM6k5HlEB8uFA9qeyAzmflwQUPoJ55KRQ/gVHTOBdWrtgGgPMiekF
+1Q36Ry1elwbAl4a+LZ6qsc9ASipvk8HirKpt1v5L9hG+aI4yDxyvjNztFtg5R4P5
+zqsh/WwhCgsYmEVfcSDbhUjqoqxGRLaZxPKO+IMCNFrjZqi0yxc8f6Un4G5SQzHA
+4szi/ezcITnAFYWxHG2yaed4hawpxNS1WXabk2rzCi0pWeIcHuIczaCfZ7ElRcqV
+VNNXbGTtUDlfIsh6FAVI5kTUDcPV27uf6BmHuFOu/R9Tjni25+vBFvohwQh7ZwCX
+5COXnfkJLPkJQQEFVQv8nS27ht/vmyoKjERUeiuMd+hFcN5zl7bS5A2JCgi7erlP
+ZQIDAQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwHQYD
+VR0OBBYEFGn5shQ0SeTcc3x/cNu6TkoV0bPmMB8GA1UdIwQYMBaAFJQnOLW5hBTG
+pvc2vfcs4sJpRRPJMA0GCSqGSIb3DQEBBQUAA4IBMQAVDS0enQQ1FL0d92xOFfwx
+mjcNPz9oO7jMyEVxAs2eR2QD+xZ3Xj4gAiUEp40aGieDcLv+dg+cmuBFWF61IYSR
+UyuoakVm08VDcLAwUzU+xtSvJiSSROb0GsAnVsYZj4TYlvKDplqfapOYaiIkwF+c
+iE4n7G0hQW9fzqO+n3FGtBD8YUjghRqLggeRVJ2+8S3Bm8cfx8xPpRIO3ksA6opn
+CORRGuzetDHihbks59mkoY3GqKFgBOyrC3kG07nv5wtKjdKDtmD/kS/SAc4fIXKy
+Uruq2uXNf/1BUgF5gFGRyj22yB2D0763fJJpl5nqcLrL5RmnVObQKZGhE2VsRTV0
+untj+AmiJivhiAjjkHfw3XDf8tuL7D4pTmEkGgl5xl23fyeTIuygDCLT8fRD3ZqQ
+-----END CERTIFICATE-----
diff --git a/tests/auto/network/ssl/qsslsocket/certs/leaf.crt b/tests/auto/network/ssl/qsslsocket/certs/leaf.crt
new file mode 100644
index 0000000000..4a7dc40540
--- /dev/null
+++ b/tests/auto/network/ssl/qsslsocket/certs/leaf.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3zCCApegAwIBAgIQEKCtd1j2bq5Gk6ND+VmKnjANBgkqhkiG9w0BAQUFADAy
+MQswCQYDVQQGEwJHQjEjMCEGA1UEChMaV2VzdHBvaW50IEludGVybWVkaWF0ZSBL
+ZXkwHhcNMTMwMjE2MTY1MzA4WhcNMjMwMjE2MTY1MzA4WjA1MQswCQYDVQQGEwJH
+QjESMBAGA1UEChMJV2VzdHBvaW50MRIwEAYDVQQDEwkxMjcuMC4wLjEwggFSMA0G
+CSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQC7EIWIzb7XCfmQQ1KFdZ5E9f49eNK/
+KvsXYfq/iV29K1cz2hUyvfdKgyU5F/+BOPQKQ5zdWn1CraZosFv/ibuO3mhRpMfB
+SfNn3rfdrE7WtA0wgT2YNIN0L4aCe+C15j2ESdmyMaFLUaUIS47JS66UtaYxp5ia
+mJFO1hSNaoI0pGHyPFTTtfOza9z/01qkBbHB4htzauqs/fX5ZrnyCDSrfpVipXke
+zkPKg4MkkytEkjRKw6tSXLpWIgF3ee2N/jBdefqlw8YPW08K0wmwF5qGuX6PZ8vB
+sOZeWeCfVr136BopkbfP3TkGWw2BrD8xSzOUez9HVc0v4SZ/7pe5w3L4V/mzYQLt
+O+1AHevCjX8+M58HYGBaWCAjxYUPGcGKcj0LLtgZgL6wY88N7RtfeOY3AgMBAAGj
+gY0wgYowFAYDVR0RBA0wC4IJMTI3LjAuMC4xMAwGA1UdEwEB/wQCMAAwEwYDVR0l
+BAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwcoADAdBgNVHQ4EFgQUKKuyJSrT
+Y+dnm1do7l0sVMX96SYwHwYDVR0jBBgwFoAUafmyFDRJ5NxzfH9w27pOShXRs+Yw
+DQYJKoZIhvcNAQEFBQADggExAHELijlIFdcncP3B+vxEp0SGKl0arIaCXahivb2F
+VxeM3WajN6O+oDRLFltzMeDKA9RVkao7fgITzXQgCGzeNhKv0vc9iDyvR9/67vuS
+W8xEEJrYowtw3VK5H1y0ewqZaxJhvKUjm4TBRWe8FGKD3s64lEsfbjOaI5VPidVc
+DXmdAlXsj0Hk+v4Ej8mshPQAnVSyJ3D0ZMgTjk8Di28N0qROFIYJaTObK1rCb1nQ
+GaCcmbZU6JnkYvVZ+iUe5U0GXFbb+LRNTUT8/fw1zADeHnv/G+WWVrfND+sov5Oc
+33fkNE6z+n6ayABVnGLuCYhbzD38sv0dnxeh8vbykNBPzYdzPg6nw3Czv2vlhKpJ
+8Yj/maoXuAyTXVf30K1/fAWyU45noq57MjQpU6UxIX1D7qw=
+-----END CERTIFICATE-----
diff --git a/tests/auto/network/ssl/qsslsocket/certs/leaf.key b/tests/auto/network/ssl/qsslsocket/certs/leaf.key
new file mode 100644
index 0000000000..54327925d8
--- /dev/null
+++ b/tests/auto/network/ssl/qsslsocket/certs/leaf.key
@@ -0,0 +1,32 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIFfAIBAAKCATEAuxCFiM2+1wn5kENShXWeRPX+PXjSvyr7F2H6v4ldvStXM9oV
+Mr33SoMlORf/gTj0CkOc3Vp9Qq2maLBb/4m7jt5oUaTHwUnzZ9633axO1rQNMIE9
+mDSDdC+GgnvgteY9hEnZsjGhS1GlCEuOyUuulLWmMaeYmpiRTtYUjWqCNKRh8jxU
+07Xzs2vc/9NapAWxweIbc2rqrP31+Wa58gg0q36VYqV5Hs5DyoODJJMrRJI0SsOr
+Uly6ViIBd3ntjf4wXXn6pcPGD1tPCtMJsBeahrl+j2fLwbDmXlngn1a9d+gaKZG3
+z905BlsNgaw/MUszlHs/R1XNL+Emf+6XucNy+Ff5s2EC7TvtQB3rwo1/PjOfB2Bg
+WlggI8WFDxnBinI9Cy7YGYC+sGPPDe0bX3jmNwIDAQABAoIBMQCczBNyAStGqjjC
+oHuKHHWmTh9mPWFBFfDTv6/jXmvxRWPZtaHxH2Qp09Wejqv/D9MWy2ev7spx2oZS
+2Ai1ICjTbz83uAwryyW4Wen6aBTJSLCJiLstWk8ZU0DHHLjVH4FO4mwUPh95t5zC
+YDr2JXbXdY8xrc5vPxUFZNJjWvR61ZK37bQYpTn5mZ7r3KfsNk2yOylRTDwa9XFo
+ZZ+B82NKdrrz0UvGOnXZa5qd1ap7V+67FIAS2Mt8AMzSCG8TW0JXRUk89ISgAd8r
+NQTPtX9XCnMZSbBzDKdznXfHS9ZlJcSrpsbQCPcvMVNrdBfCF0eNnsRJffJGdaXI
+MsN6PvbcXWD08lXNGyeLjon03RdJnTAamNM3YQEIcjFmu5Y0o0CCJkZSCJPKJGMG
+0d/1tN/5AoGZANOcOgQZ9Wiu0ej3YoQ3aSHu3y8ZBJH4B3ViX8i+2x/6UnG7KNaa
+4Ygid1upnX6hk4CW5WZcoxGFacrFRpInKh5Ng8lEIHGp0VSzOBVDR0L5sAxutFuX
+6N9C0CuH80vD101mOloNnfT5KHZMI5RXqP6sDGUFlwak2XybDL1qOAza3gZAy25H
+vS/ll1BneBavikR5j+zxoTztAoGZAOJOJ5RyOrqpNuhiWZylah5LIFT9N1lCF4Hl
+ZbFIjUZ4jcApJ7JxkMXNQ4RU/3AiKCC1xr5ib7dd/qyjKXhdMo4SnLoKhapx5R9G
+3XOsQMahiCD/Zcymv9tmk8MxxzbLxhZYhEPzIP/NFkua3CHiX+d1e6fkzFLF/EiX
+ZGQOgRcFKrlzUeBputRQRXAkKJH+kMClgAWvy28zAoGYKyaMXhG9DV+4xjzMBhIW
+iijfsgbz+6AMRU+OIK1qmZa+ARsdNMXYf54noLVxvETOg0ZB+SGizwvZitO3lE4Q
+NKWx3fTaeNMcMJ1rLkrN2UZ5M8/PT24muoAxWu8aGbURzmKuO3bTYwT7z0OvbayC
+dYw36tG8/knXX6Vub6GdVGG9LKFB2nceiQnUVT0EK/wXwebYBoUvT/ECgZgF9qdG
+Wyg/CPyAbS8NWLKOL86fTrjpqjsyWhgu7smCROT/XlZEdoepHrqbvx2oF85U5lVh
+aPimrVxrsjUCjfoqEkV9BY/2KOAvzc9CIBTo5xLOQ8yr8uz1XCOiriogwIfsyNJb
+dAm3k/D1dxQ79FowoEDs8LONrtfyFcM4e8VdFO7GSkqrDj41IBRkWx+SkVHBMdtI
+yxQiTwKBmQCWym2iDCJg1ZZq4/lVwRudMhVmHoD0yoCAwADYHjjAi8QBplM0vfdd
+CESKsnBhlcrPGB279BKVJyZHehKZG+/dfnFs+to14l6A3IqU2d6+pu3EyFNX34HS
+xo+64QxMeF0akWnSaIPfUJfk36phjCvLBr4eLXN1i4jW3RdGFwF1THXt29VSSGmU
+q/hM51H0bsQ13AIVUSdNHA==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index a2bb1ec705..d1ff60ea70 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -142,6 +142,8 @@ private slots:
     void protocolServerSide();
     void setCaCertificates();
     void setLocalCertificate();
+    void localCertificateChain();
+    void setLocalCertificateChain();
     void setPrivateKey();
     void setSocketDescriptor();
     void setSslConfiguration_data();
@@ -927,15 +929,20 @@ class SslServer : public QTcpServer
 {
     Q_OBJECT
 public:
-    SslServer(const QString &keyFile = SRCDIR "certs/fluke.key", const QString &certFile = SRCDIR "certs/fluke.cert")
+    SslServer(const QString &keyFile = SRCDIR "certs/fluke.key",
+              const QString &certFile = SRCDIR "certs/fluke.cert",
+              const QString &interFile = QString())
         : socket(0),
           protocol(QSsl::TlsV1_0),
           m_keyFile(keyFile),
-          m_certFile(certFile) { }
+          m_certFile(certFile),
+          m_interFile(interFile)
+          { }
     QSslSocket *socket;
     QSsl::SslProtocol protocol;
     QString m_keyFile;
     QString m_certFile;
+    QString m_interFile;
 
 protected:
     void incomingConnection(qintptr socketDescriptor)
@@ -950,10 +957,24 @@ protected:
         QVERIFY(!key.isNull());
         socket->setPrivateKey(key);
 
-        QList<QSslCertificate> localCert = QSslCertificate::fromPath(m_certFile);
-        QVERIFY(!localCert.isEmpty());
-        QVERIFY(localCert.first().handle());
-        socket->setLocalCertificate(localCert.first());
+        // If we have a cert issued directly from the CA
+        if (m_interFile.isEmpty()) {
+            QList<QSslCertificate> localCert = QSslCertificate::fromPath(m_certFile);
+            QVERIFY(!localCert.isEmpty());
+            QVERIFY(localCert.first().handle());
+            socket->setLocalCertificate(localCert.first());
+        }
+        else {
+            QList<QSslCertificate> localCert = QSslCertificate::fromPath(m_certFile);
+            QVERIFY(!localCert.isEmpty());
+            QVERIFY(localCert.first().handle());
+
+            QList<QSslCertificate> interCert = QSslCertificate::fromPath(m_interFile);
+            QVERIFY(!interCert.isEmpty());
+            QVERIFY(interCert.first().handle());
+
+            socket->setLocalCertificateChain(localCert + interCert);
+        }
 
         QVERIFY(socket->setSocketDescriptor(socketDescriptor, QAbstractSocket::ConnectedState));
         QVERIFY(!socket->peerAddress().isNull());
@@ -1100,6 +1121,55 @@ void tst_QSslSocket::setLocalCertificate()
 {
 }
 
+void tst_QSslSocket::localCertificateChain()
+{
+    if (!QSslSocket::supportsSsl())
+        return;
+
+    QSslSocket socket;
+    socket.setLocalCertificate(QLatin1String(SRCDIR "certs/fluke.cert"));
+
+    QSslConfiguration conf = socket.sslConfiguration();
+    QList<QSslCertificate> chain = conf.localCertificateChain();
+    QCOMPARE(chain.size(), 1);
+    QCOMPARE(chain[0], conf.localCertificate());
+    QCOMPARE(chain[0], socket.localCertificate());
+}
+
+void tst_QSslSocket::setLocalCertificateChain()
+{
+    if (!QSslSocket::supportsSsl())
+        return;
+
+    QFETCH_GLOBAL(bool, setProxy);
+    if (setProxy)
+        return;
+
+    SslServer server(QLatin1String(SRCDIR "certs/leaf.key"),
+                     QLatin1String(SRCDIR "certs/leaf.crt"),
+                     QLatin1String(SRCDIR "certs/inter.crt"));
+
+    QVERIFY(server.listen());
+
+    QEventLoop loop;
+    QTimer::singleShot(5000, &loop, SLOT(quit()));
+
+    socket = new QSslSocket();
+    connect(socket, SIGNAL(encrypted()), &loop, SLOT(quit()));
+    connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), &loop, SLOT(quit()));
+    connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot()));
+
+    socket->connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort());
+    loop.exec();
+
+    QList<QSslCertificate> chain = socket->peerCertificateChain();
+    QCOMPARE(chain.size(), 2);
+    QCOMPARE(chain[0].serialNumber(), QByteArray("10:a0:ad:77:58:f6:6e:ae:46:93:a3:43:f9:59:8a:9e"));
+    QCOMPARE(chain[1].serialNumber(), QByteArray("3b:eb:99:c5:ea:d8:0b:5d:0b:97:5d:4f:06:75:4b:e1"));
+
+    socket->deleteLater();
+}
+
 void tst_QSslSocket::setPrivateKey()
 {
 }
@@ -1533,6 +1603,8 @@ public slots:
 
 void tst_QSslSocket::setReadBufferSize_task_250027()
 {
+    QSKIP("QTBUG-29730 - flakey test blocking integration");
+
     // do not execute this when a proxy is set.
     QFETCH_GLOBAL(bool, setProxy);
     if (setProxy)