From 4ad98906e9931b50a51080a7880951a173c4c3f9 Mon Sep 17 00:00:00 2001
From: Axel Spoerl <axel.spoerl@qt.io>
Date: Thu, 30 Mar 2023 08:31:50 +0200
Subject: tst_QSslSocket_onDemandCertificates_member: Blacklist Windows & debug
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The test function occasionally can fail on CI/Windows, when a
certificate update on www.qt.io requires installing a new root
certificate on the test VM.

This patch blacklists the test class (which has only one test function)
on Windows. It adds diagnostic output, so future failure reasons can
be established from CI artifacts.

Task-number: QTBUG-63481
Change-Id: If686d006f379fe6dbfb0d11d80b8455f72fdbb09
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 7350088ab7ef55f51325fc6a48320a1cdc87bd28)
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
(cherry picked from commit 2ce584cf5a4174f0af44192ec3b721b38b22e383)
Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
---
 .../qsslsocket_onDemandCertificates_member/BLACKLIST    |  8 ++++++--
 .../tst_qsslsocket_onDemandCertificates_member.cpp      | 17 +++++++++++------
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/BLACKLIST b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/BLACKLIST
index 4eea966b13..96d94bd935 100644
--- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/BLACKLIST
+++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/BLACKLIST
@@ -1,3 +1,7 @@
 # QTBUG-101274
-[onDemandRootCertLoadingMemberMethods:WithoutProxy]
-qnx ci
+# [onDemandRootCertLoadingMemberMethods:WithoutProxy]
+# qnx ci
+
+# QTBUG-63481
+[onDemandRootCertLoadingMemberMethods]
+*
diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp
index 759fad6a02..5f1533e09b 100644
--- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp
+++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member.cpp
@@ -219,6 +219,7 @@ static bool waitForEncrypted(QSslSocket *socket)
 
 void tst_QSslSocket_onDemandCertificates_member::onDemandRootCertLoadingMemberMethods()
 {
+#define ERR(socket) socket->errorString().toLatin1()
     const QString host("www.qt.io");
 
     // not using any root certs -> should not work
@@ -228,13 +229,13 @@ void tst_QSslSocket_onDemandCertificates_member::onDemandRootCertLoadingMemberMe
     sslConfig.setCaCertificates(QList<QSslCertificate>());
     socket2->setSslConfiguration(sslConfig);
     socket2->connectToHostEncrypted(host, 443);
-    QVERIFY(!waitForEncrypted(socket2.data()));
+    QVERIFY2(!waitForEncrypted(socket2.data()), ERR(socket2));
 
     // default: using on demand loading -> should work
     QSslSocketPtr socket = newSocket();
     this->socket = socket.data();
     socket->connectToHostEncrypted(host, 443);
-    QVERIFY2(waitForEncrypted(socket.data()), qPrintable(socket->errorString()));
+    QVERIFY2(waitForEncrypted(socket.data()), ERR(socket));
 
     // not using any root certs again -> should not work
     QSslSocketPtr socket3 = newSocket();
@@ -243,7 +244,7 @@ void tst_QSslSocket_onDemandCertificates_member::onDemandRootCertLoadingMemberMe
     sslConfig.setCaCertificates(QList<QSslCertificate>());
     socket3->setSslConfiguration(sslConfig);
     socket3->connectToHostEncrypted(host, 443);
-    QVERIFY(!waitForEncrypted(socket3.data()));
+    QVERIFY2(!waitForEncrypted(socket3.data()), ERR(socket3));
 
     // setting empty SSL configuration explicitly -> depends on on-demand loading
     QSslSocketPtr socket4 = newSocket();
@@ -254,16 +255,20 @@ void tst_QSslSocket_onDemandCertificates_member::onDemandRootCertLoadingMemberMe
 #ifdef QT_BUILD_INTERNAL
     const bool works = QSslSocketPrivate::rootCertOnDemandLoadingSupported();
 #if defined(Q_OS_LINUX) || defined(Q_OS_WIN)
-    QCOMPARE(works, true);
+    QVERIFY2(works, ERR(socket4));
 #elif defined(Q_OS_MAC)
-    QCOMPARE(works, false);
+    QVERIFY2(!works, ERR(socket4));
 #endif // other platforms: undecided.
     // When we *allow* on-demand loading, we enable it by default; so, on Unix,
     // it will work without setting any certificates.  Otherwise, the configuration
     // contains an empty set of certificates, so on-demand loading shall fail.
-   QCOMPARE(waitForEncrypted(socket4.data()), works);
+    const bool result = waitForEncrypted(socket4.data());
+    if (result != works)
+        qDebug() << socket4->errorString();
+    QCOMPARE(waitForEncrypted(socket4.data()), works);
 #endif // QT_BUILD_INTERNAL
 }
+#undef ERR
 
 #endif // QT_NO_OPENSSL
 
-- 
cgit v1.2.3