Allow leaving OCSP off

This form of OCSP is not good, so try to at least allow it to be
disabled, until we remove it.

Fixes: QTBUG-91467
Change-Id: Ied9e8c4960e6ea1503dea39ebbced2ad1af08d5d
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>

5 files changed, 24 insertions, 14 deletions

diff --git a/src/core/profile_adapter.cpp b/src/core/profile_adapter.cpp
index dff98717d..4dab8aa34 100644
--- a/src/core/profile_adapter.cpp
+++ b/src/core/profile_adapter.cpp
@@ -87,6 +87,9 @@ inline QString buildLocationFromStandardPath(const QString &standardPath, const
 
 namespace QtWebEngineCore {
 
+// static
+QPointer<ProfileAdapter> ProfileAdapter::s_profileForGlobalCertificateVerification;
+
 ProfileAdapter::ProfileAdapter(const QString &storageName):
       m_name(storageName)
     , m_offTheRecord(storageName.isEmpty())
@@ -654,26 +657,26 @@ void ProfileAdapter::setUseForGlobalCertificateVerification(bool enable)
     if (m_usedForGlobalCertificateVerification == enable)
         return;
 
-    static QPointer<ProfileAdapter> profileForglobalCertificateVerification;
-
     m_usedForGlobalCertificateVerification = enable;
     if (enable) {
-        if (profileForglobalCertificateVerification) {
-            profileForglobalCertificateVerification->m_usedForGlobalCertificateVerification = false;
-            if (!m_profile->m_profileIOData->isClearHttpCacheInProgress())
-                profileForglobalCertificateVerification->m_profile->m_profileIOData->resetNetworkContext();
-            for (auto *client : qAsConst(profileForglobalCertificateVerification->m_clients))
+        if (s_profileForGlobalCertificateVerification) {
+            s_profileForGlobalCertificateVerification->m_usedForGlobalCertificateVerification = false;
+            for (auto *client : qAsConst(s_profileForGlobalCertificateVerification->m_clients))
                 client->useForGlobalCertificateVerificationChanged();
+        } else {
+            // OCSP enabled
+            for (auto adapter : qAsConst(WebEngineContext::current()->m_profileAdapters))
+                adapter->m_profile->m_profileIOData->resetNetworkContext();
         }
-        profileForglobalCertificateVerification = this;
+        s_profileForGlobalCertificateVerification = this;
     } else {
-        Q_ASSERT(profileForglobalCertificateVerification);
-        Q_ASSERT(profileForglobalCertificateVerification == this);
-        profileForglobalCertificateVerification = nullptr;
+        Q_ASSERT(s_profileForGlobalCertificateVerification);
+        Q_ASSERT(s_profileForGlobalCertificateVerification == this);
+        s_profileForGlobalCertificateVerification = nullptr;
+        // OCSP disabled
+        for (auto adapter : qAsConst(WebEngineContext::current()->m_profileAdapters))
+            adapter->m_profile->m_profileIOData->resetNetworkContext();
     }
-
-    if (!m_profile->m_profileIOData->isClearHttpCacheInProgress())
-        m_profile->m_profileIOData->resetNetworkContext();
 }
 
 bool ProfileAdapter::isUsedForGlobalCertificateVerification() const
diff --git a/src/core/profile_adapter.h b/src/core/profile_adapter.h
index efd56e50e..caeff246a 100644
--- a/src/core/profile_adapter.h
+++ b/src/core/profile_adapter.h
@@ -216,6 +216,7 @@ public:
 
     QString determineDownloadPath(const QString &downloadDirectory, const QString &suggestedFilename, const time_t &startTime);
 
+    static QPointer<ProfileAdapter> s_profileForGlobalCertificateVerification;
 private:
     void updateCustomUrlSchemeHandlers();
     void resetVisitedLinksManager();
diff --git a/src/core/profile_io_data_qt.cpp b/src/core/profile_io_data_qt.cpp
index 68e674f01..8e6c8fed3 100644
--- a/src/core/profile_io_data_qt.cpp
+++ b/src/core/profile_io_data_qt.cpp
@@ -224,6 +224,9 @@ void ProfileIODataQt::ConfigureNetworkContextParams(bool in_memory,
 
     SystemNetworkContextManager::GetInstance()->ConfigureDefaultNetworkContextParams(network_context_params);
 
+    // FIXME: Faking old behavior to allow not enabling OCSP
+    network_context_params->initial_ssl_config->rev_checking_enabled = !ProfileAdapter::s_profileForGlobalCertificateVerification.isNull();
+
     network_context_params->context_name = m_storageName.toStdString();
     network_context_params->user_agent = m_httpUserAgent.toStdString();
     network_context_params->accept_language = m_httpAcceptLanguage.toStdString();
diff --git a/tests/auto/quick/qmltests_ssl/data/tst_certificateError.qml b/tests/auto/quick/qmltests_ssl/data/tst_certificateError.qml
index 4c252e210..50e88ef60 100644
--- a/tests/auto/quick/qmltests_ssl/data/tst_certificateError.qml
+++ b/tests/auto/quick/qmltests_ssl/data/tst_certificateError.qml
@@ -55,6 +55,7 @@ TestWebEngineView {
                 request.sendResponse()
             })
             view.settings.errorPageEnabled = false
+            view.profile.useForGlobalCertificateVerification = true
         }
 
         function init() {
diff --git a/tests/auto/widgets/certificateerror/tst_certificateerror.cpp b/tests/auto/widgets/certificateerror/tst_certificateerror.cpp
index c5b761818..0bea04155 100644
--- a/tests/auto/widgets/certificateerror/tst_certificateerror.cpp
+++ b/tests/auto/widgets/certificateerror/tst_certificateerror.cpp
@@ -30,6 +30,7 @@
 
 #include <QWebEngineCertificateError>
 #include <QWebEnginePage>
+#include <QWebEngineProfile>
 #include <QWebEngineSettings>
 
 #include <QtTest/QtTest>
@@ -124,6 +125,7 @@ void tst_CertificateError::handleError()
 void tst_CertificateError::fatalError()
 {
     PageWithCertificateErrorHandler page(false, false);
+    page.profile()->setUseForGlobalCertificateVerification();
     page.settings()->setAttribute(QWebEngineSettings::ErrorPageEnabled, false);
     QSignalSpy loadFinishedSpy(&page, &QWebEnginePage::loadFinished);