Make it possible to enable OCSP on Linux

The code follows Chromium and also set a CertNetFetcher on both Linux and macOS, but it appears to be currently unused. [ChangeLog][QWebEngineProfile] A profile can now be designated to download OCSP records and thus enable OCSP verification on Linux. Task-number: QTBUG-58059 Task-number: QTBUG-71164 Change-Id: I84fd34d4351cb7aa4417ce4058f97bad4b8d0cd4 Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
author: Allan Sandfeld Jensen <allan.jensen@qt.io> 2018-08-01 12:57:44 +0200
committer: Allan Sandfeld Jensen <allan.jensen@qt.io> 2018-10-17 10:44:07 +0000
commit: 0b1025b8aea4aa0336671f7e908287d65490d120 (patch)
tree: 77c201fee93d3c184ce5b6b28d55fc01dc4a6d9e
parent: 7b886ab2cdfc94cc70477f51bd28961de52e989c (diff)
15 files changed, 289 insertions, 2 deletions
diff --git a/examples/webengine/quicknanobrowser/ApplicationRoot.qml b/examples/webengine/quicknanobrowser/ApplicationRoot.qml
index 67b686541..3bc571546 100644
--- a/examples/webengine/quicknanobrowser/ApplicationRoot.qml
+++ b/examples/webengine/quicknanobrowser/ApplicationRoot.qml
@@ -49,7 +49,7 @@
 ****************************************************************************/
 
 import QtQuick 2.1
-import QtWebEngine 1.2
+import QtWebEngine 1.9
 
 QtObject {
     id: root
@@ -57,6 +57,7 @@ QtObject {
     property QtObject defaultProfile: WebEngineProfile {
         storageName: "Profile"
         offTheRecord: false
+        useForGlobalCertificateVerification: true
     }
 
     property QtObject otrProfile: WebEngineProfile {
diff --git a/examples/webenginewidgets/simplebrowser/main.cpp b/examples/webenginewidgets/simplebrowser/main.cpp
index 96b1eab97..5a8a0e65d 100644
--- a/examples/webenginewidgets/simplebrowser/main.cpp
+++ b/examples/webenginewidgets/simplebrowser/main.cpp
@@ -52,6 +52,7 @@
 #include "browserwindow.h"
 #include "tabwidget.h"
 #include <QApplication>
+#include <QWebEngineProfile>
 #include <QWebEngineSettings>
 
 QUrl commandLineUrlArgument()
@@ -73,6 +74,8 @@ int main(int argc, char **argv)
     app.setWindowIcon(QIcon(QStringLiteral(":AppLogoColor.png")));
 
     QWebEngineSettings::defaultSettings()->setAttribute(QWebEngineSettings::PluginsEnabled, true);
+    QWebEngineSettings::defaultSettings()->setAttribute(QWebEngineSettings::DnsPrefetchEnabled, true);
+    QWebEngineProfile::defaultProfile()->setUseForGlobalCertificateVerification();
 
     QUrl url = commandLineUrlArgument();
 
diff --git a/src/core/profile_adapter.cpp b/src/core/profile_adapter.cpp
index 86b16fd2c..57bf3e752 100644
--- a/src/core/profile_adapter.cpp
+++ b/src/core/profile_adapter.cpp
@@ -48,6 +48,7 @@
 #include "download_manager_delegate_qt.h"
 #include "net/url_request_context_getter_qt.h"
 #include "permission_manager_qt.h"
+#include "profile_adapter_client.h"
 #include "profile_qt.h"
 #include "renderer_host/user_resource_controller_host.h"
 #include "type_conversion.h"
@@ -546,4 +547,34 @@ void ProfileAdapter::resetVisitedLinksManager()
     m_visitedLinksManager.reset(new VisitedLinksManagerQt(this));
 }
 
+void ProfileAdapter::setUseForGlobalCertificateVerification(bool enable)
+{
+    if (m_usedForGlobalCertificateVerification == enable)
+        return;
+
+    static QPointer<ProfileAdapter> profileForglobalCertificateVerification;
+
+    m_usedForGlobalCertificateVerification = enable;
+    if (enable) {
+        if (profileForglobalCertificateVerification) {
+            profileForglobalCertificateVerification->m_usedForGlobalCertificateVerification = false;
+            for (auto *client : qAsConst(profileForglobalCertificateVerification->m_clients))
+                client->useForGlobalCertificateVerificationChanged();
+        }
+        profileForglobalCertificateVerification = this;
+    } else {
+        Q_ASSERT(profileForglobalCertificateVerification);
+        Q_ASSERT(profileForglobalCertificateVerification == this);
+        profileForglobalCertificateVerification = nullptr;
+    }
+
+    if (m_profile->m_urlRequestContextGetter.get())
+        m_profile->m_profileIOData->updateUsedForGlobalCertificateVerification();
+}
+
+bool ProfileAdapter::isUsedForGlobalCertificateVerification() const
+{
+    return m_usedForGlobalCertificateVerification;
+}
+
 } // namespace QtWebEngineCore
diff --git a/src/core/profile_adapter.h b/src/core/profile_adapter.h
index 65843eda3..19a56d2a7 100644
--- a/src/core/profile_adapter.h
+++ b/src/core/profile_adapter.h
@@ -186,12 +186,16 @@ public:
 
     void clearHttpCache();
 
+    void setUseForGlobalCertificateVerification(bool enable = true);
+    bool isUsedForGlobalCertificateVerification() const;
+
 private:
     void updateCustomUrlSchemeHandlers();
     void resetVisitedLinksManager();
 
     QString m_name;
     bool m_offTheRecord;
+    bool m_usedForGlobalCertificateVerification = false;
     QScopedPointer<ProfileQt> m_profile;
     QScopedPointer<VisitedLinksManagerQt> m_visitedLinksManager;
     QScopedPointer<DownloadManagerDelegateQt> m_downloadManagerDelegate;
diff --git a/src/core/profile_adapter_client.h b/src/core/profile_adapter_client.h
index 06051fab6..4711f8bcf 100644
--- a/src/core/profile_adapter_client.h
+++ b/src/core/profile_adapter_client.h
@@ -142,6 +142,7 @@ public:
 
     virtual void downloadRequested(DownloadItemInfo &info) = 0;
     virtual void downloadUpdated(const DownloadItemInfo &info) = 0;
+    virtual void useForGlobalCertificateVerificationChanged() {}
     static QString downloadInterruptReasonToString(DownloadInterruptReason reason);
 };
 
diff --git a/src/core/profile_io_data_qt.cpp b/src/core/profile_io_data_qt.cpp
index fdd9a881c..ad8c2a110 100644
--- a/src/core/profile_io_data_qt.cpp
+++ b/src/core/profile_io_data_qt.cpp
@@ -85,6 +85,15 @@
 #include "resource_context_qt.h"
 #include "type_conversion.h"
 
+#if defined(USE_NSS_CERTS)
+#include "net/cert_net/nss_ocsp.h"
+#endif
+
+#if defined(OS_LINUX) || defined(OS_MACOSX)
+#include "net/cert/cert_net_fetcher.h"
+#include "net/cert_net/cert_net_fetcher_impl.h"
+#endif
+
 namespace QtWebEngineCore {
 
 static const char* const kDefaultAuthSchemes[] = { net::kBasicAuthScheme,
@@ -170,6 +179,16 @@ ProfileIODataQt::~ProfileIODataQt()
 {
     if (content::BrowserThread::IsThreadInitialized(content::BrowserThread::IO))
         DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+
+    if (m_useForGlobalCertificateVerification) {
+#if defined(USE_NSS_CERTS)
+        net::SetURLRequestContextForNSSHttpIO(nullptr);
+#endif
+#if defined(OS_LINUX) ||defined(OS_MACOSX)
+        net::ShutdownGlobalCertNetFetcher();
+#endif
+    }
+
     m_resourceContext.reset();
     if (m_cookieDelegate)
         m_cookieDelegate->setCookieMonster(0); // this will let CookieMonsterDelegateQt be deleted
@@ -212,6 +231,7 @@ void ProfileIODataQt::initializeOnIOThread()
     m_initialized = true;
     generateAllStorage();
     generateJobFactory();
+    setGlobalCertificateVerification();
 }
 
 void ProfileIODataQt::initializeOnUIThread()
@@ -254,6 +274,26 @@ void ProfileIODataQt::generateAllStorage()
     m_updateAllStorage = false;
 }
 
+class SSLConfigServiceQt : public net::SSLConfigService {
+public:
+    SSLConfigServiceQt()
+    {
+        // Enable revocation checking:
+        m_defaultConfig.rev_checking_enabled = true;
+        // Mirroring Android WebView (we have no beef with Symantec, and our users might use them):
+        m_defaultConfig.symantec_enforcement_disabled = true;
+    }
+    ~SSLConfigServiceQt() override = default;
+
+    void GetSSLConfig(net::SSLConfig* config) override
+    {
+        *config = m_defaultConfig;
+    }
+
+private:
+    net::SSLConfig m_defaultConfig;
+};
+
 void ProfileIODataQt::generateStorage()
 {
     Q_ASSERT(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
@@ -297,7 +337,7 @@ void ProfileIODataQt::generateStorage()
                                                 nullptr /* NetLog */,
                                                 m_networkDelegate.get()));
 
-    m_storage->set_ssl_config_service(std::make_unique<net::SSLConfigServiceDefaults>());
+    m_storage->set_ssl_config_service(std::make_unique<SSLConfigServiceQt>());
     m_storage->set_transport_security_state(std::unique_ptr<net::TransportSecurityState>(
                                                 new net::TransportSecurityState()));
 
@@ -543,6 +583,21 @@ void ProfileIODataQt::regenerateJobFactory()
     }
 }
 
+void ProfileIODataQt::setGlobalCertificateVerification()
+{
+    Q_ASSERT(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
+    QMutexLocker lock(&m_mutex);
+    if (m_useForGlobalCertificateVerification) {
+#if defined(USE_NSS_CERTS)
+        // Set request context used by NSS for OCSP requests.
+        net::SetURLRequestContextForNSSHttpIO(m_urlRequestContext.get());
+#endif
+#if defined(OS_LINUX) || defined(OS_MACOSX)
+        net::SetGlobalCertNetFetcher(net::CreateCertNetFetcher(m_urlRequestContext.get()));
+#endif
+    }
+}
+
 void ProfileIODataQt::setRequestContextData(content::ProtocolHandlerMap *protocolHandlers,
                                             content::URLRequestInterceptorScopedVector request_interceptors)
 {
@@ -565,6 +620,7 @@ void ProfileIODataQt::setFullConfiguration()
     m_httpCachePath = m_profileAdapter->httpCachePath();
     m_httpCacheMaxSize = m_profileAdapter->httpCacheMaxSize();
     m_customUrlSchemes = m_profileAdapter->customUrlSchemes();
+    m_useForGlobalCertificateVerification = m_profileAdapter->isUsedForGlobalCertificateVerification();
 }
 
 void ProfileIODataQt::updateStorageSettings()
@@ -692,4 +748,15 @@ bool ProfileIODataQt::canGetCookies(const QUrl &firstPartyUrl, const QUrl &url)
     return m_cookieDelegate->canGetCookies(firstPartyUrl, url);
 }
 
+void ProfileIODataQt::updateUsedForGlobalCertificateVerification()
+{
+    Q_ASSERT(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
+    QMutexLocker lock(&m_mutex);
+    m_useForGlobalCertificateVerification = m_profileAdapter->isUsedForGlobalCertificateVerification();
+
+    if (m_useForGlobalCertificateVerification)
+        content::BrowserThread::PostTask(content::BrowserThread::IO, FROM_HERE,
+                                         base::Bind(&ProfileIODataQt::setGlobalCertificateVerification, m_weakPtr));
+}
+
 } // namespace QtWebEngineCore
diff --git a/src/core/profile_io_data_qt.h b/src/core/profile_io_data_qt.h
index 7c4dae14b..3eb456e6e 100644
--- a/src/core/profile_io_data_qt.h
+++ b/src/core/profile_io_data_qt.h
@@ -91,6 +91,7 @@ public:
     QWebEngineUrlRequestInterceptor *requestInterceptor();
     bool canSetCookie(const QUrl &firstPartyUrl, const QByteArray &cookieLine, const QUrl &url) const;
     bool canGetCookies(const QUrl &firstPartyUrl, const QUrl &url) const;
+    void setGlobalCertificateVerification();
 
     void setRequestContextData(content::ProtocolHandlerMap *protocolHandlers,
                                content::URLRequestInterceptorScopedVector request_interceptors);
@@ -101,6 +102,7 @@ public:
     void updateHttpCache(); // runs on ui thread
     void updateJobFactory(); // runs on ui thread
     void updateRequestInterceptor(); // runs on ui thread
+    void updateUsedForGlobalCertificateVerification(); // runs on ui thread
 
 private:
     ProfileQt *m_profile;
@@ -140,6 +142,7 @@ private:
     bool m_updateJobFactory = false;
     bool m_updateUserAgent = false;
     bool m_ignoreCertificateErrors = false;
+    bool m_useForGlobalCertificateVerification = false;
     base::WeakPtrFactory<ProfileIODataQt> m_weakPtrFactory; // this should be always the last member
     DISALLOW_COPY_AND_ASSIGN(ProfileIODataQt);
 };
diff --git a/src/webengine/api/qquickwebengineprofile.cpp b/src/webengine/api/qquickwebengineprofile.cpp
index ed2600e49..a97f3c6e2 100644
--- a/src/webengine/api/qquickwebengineprofile.cpp
+++ b/src/webengine/api/qquickwebengineprofile.cpp
@@ -277,6 +277,12 @@ void QQuickWebEngineProfilePrivate::downloadUpdated(const DownloadItemInfo &info
     }
 }
 
+void QQuickWebEngineProfilePrivate::useForGlobalCertificateVerificationChanged()
+{
+    Q_Q(QQuickWebEngineProfile);
+    Q_EMIT q->useForGlobalCertificateVerificationChanged();
+}
+
 void QQuickWebEngineProfilePrivate::userScripts_append(QQmlListProperty<QQuickWebEngineScript> *p, QQuickWebEngineScript *script)
 {
     Q_ASSERT(p && p->data);
@@ -787,6 +793,60 @@ bool QQuickWebEngineProfile::isSpellCheckEnabled() const
 }
 
 /*!
+    \qmlproperty bool WebEngineProfile::useForGlobalCertificateVerification
+    \since QtWebEngine 1.9
+
+    This property controls if this profile is used for global certificate verification.
+    Only one profile may have that role at any time.
+
+    Current only offect Linux/NSS installation where having a profile with this role
+    enables OCSP.
+
+    By default no profile has this enabled.
+
+    \sa QQuickWebEngineProfile::setUseForGlobalCertificateVerification()
+*/
+
+/*!
+    \since 5.13
+
+    If enabled set this profile to be used for downloading and caching when needed
+    during certificate verification, for instance for OCSP, CRLs, and AIA.
+
+    Only one profile can do this at a time, and it is recommended that the profile
+    fullfilling this role has a disk HTTP cache to avoid needlessly re-downloading.
+
+    Currently only affects Linux/NSS installations where it enables OCSP.
+
+    As long as one profile has this option enabled, all other profiles will be
+    able to use it for their certificate verification.
+
+    \sa isUsedForGlobalCertificateVerification()
+*/
+void QQuickWebEngineProfile::setUseForGlobalCertificateVerification(bool enable)
+{
+    Q_D(QQuickWebEngineProfile);
+    if (enable != d->profileAdapter()->isUsedForGlobalCertificateVerification()) {
+        d->profileAdapter()->setUseForGlobalCertificateVerification(enable);
+        emit useForGlobalCertificateVerificationChanged();
+    }
+}
+
+/*!
+    \since 5.13
+
+    Returns \c true if this profile is currently being used for global
+    certificate verification.
+
+    \sa setUseForGlobalCertificateVerification()
+*/
+bool QQuickWebEngineProfile::isUsedForGlobalCertificateVerification() const
+{
+     const Q_D(QQuickWebEngineProfile);
+     return d->profileAdapter()->isUsedForGlobalCertificateVerification();
+}
+
+/*!
 
     Returns the cookie store for this profile.
 */
diff --git a/src/webengine/api/qquickwebengineprofile.h b/src/webengine/api/qquickwebengineprofile.h
index 9fc4f9eca..761ef5670 100644
--- a/src/webengine/api/qquickwebengineprofile.h
+++ b/src/webengine/api/qquickwebengineprofile.h
@@ -72,6 +72,11 @@ class Q_WEBENGINE_EXPORT QQuickWebEngineProfile : public QObject {
     Q_PROPERTY(QStringList spellCheckLanguages READ spellCheckLanguages WRITE setSpellCheckLanguages NOTIFY spellCheckLanguagesChanged FINAL REVISION 3)
     Q_PROPERTY(bool spellCheckEnabled READ isSpellCheckEnabled WRITE setSpellCheckEnabled NOTIFY spellCheckEnabledChanged FINAL REVISION 3)
     Q_PROPERTY(QQmlListProperty<QQuickWebEngineScript> userScripts READ userScripts FINAL REVISION 4)
+    Q_PROPERTY(bool useForGlobalCertificateVerification
+               READ isUsedForGlobalCertificateVerification
+               WRITE setUseForGlobalCertificateVerification
+               NOTIFY useForGlobalCertificateVerificationChanged
+               FINAL REVISION 5)
 
 public:
     QQuickWebEngineProfile(QObject *parent = Q_NULLPTR);
@@ -137,6 +142,9 @@ public:
 
     QQmlListProperty<QQuickWebEngineScript> userScripts();
 
+    void setUseForGlobalCertificateVerification(bool b);
+    bool isUsedForGlobalCertificateVerification() const;
+
     static QQuickWebEngineProfile *defaultProfile();
 
 Q_SIGNALS:
@@ -151,6 +159,7 @@ Q_SIGNALS:
     Q_REVISION(1) void httpAcceptLanguageChanged();
     Q_REVISION(3) void spellCheckLanguagesChanged();
     Q_REVISION(3) void spellCheckEnabledChanged();
+    Q_REVISION(5) void useForGlobalCertificateVerificationChanged();
 
     void downloadRequested(QQuickWebEngineDownloadItem *download);
     void downloadFinished(QQuickWebEngineDownloadItem *download);
diff --git a/src/webengine/api/qquickwebengineprofile_p.h b/src/webengine/api/qquickwebengineprofile_p.h
index d31ded0ec..d59470f46 100644
--- a/src/webengine/api/qquickwebengineprofile_p.h
+++ b/src/webengine/api/qquickwebengineprofile_p.h
@@ -83,6 +83,8 @@ public:
     void downloadRequested(DownloadItemInfo &info) override;
     void downloadUpdated(const DownloadItemInfo &info) override;
 
+    void useForGlobalCertificateVerificationChanged() override;
+
     // QQmlListPropertyHelpers
     static void userScripts_append(QQmlListProperty<QQuickWebEngineScript> *p, QQuickWebEngineScript *script);
     static int userScripts_count(QQmlListProperty<QQuickWebEngineScript> *p);
diff --git a/src/webengine/plugin/plugin.cpp b/src/webengine/plugin/plugin.cpp
index 84a12c930..16f1bd593 100644
--- a/src/webengine/plugin/plugin.cpp
+++ b/src/webengine/plugin/plugin.cpp
@@ -96,6 +96,7 @@ public:
         qmlRegisterType<QQuickWebEngineProfile, 2>(uri, 1, 3, "WebEngineProfile");
         qmlRegisterType<QQuickWebEngineProfile, 3>(uri, 1, 4, "WebEngineProfile");
         qmlRegisterType<QQuickWebEngineProfile, 4>(uri, 1, 5, "WebEngineProfile");
+        qmlRegisterType<QQuickWebEngineProfile, 5>(uri, 1, 9, "WebEngineProfile");
         qmlRegisterType<QQuickWebEngineScript>(uri, 1, 1, "WebEngineScript");
         qmlRegisterUncreatableType<QQuickWebEngineCertificateError>(uri, 1, 1, "WebEngineCertificateError", msgUncreatableType("WebEngineCertificateError"));
         qmlRegisterUncreatableType<QQuickWebEngineDownloadItem>(uri, 1, 1, "WebEngineDownloadItem",
diff --git a/src/webenginewidgets/api/qwebengineprofile.cpp b/src/webenginewidgets/api/qwebengineprofile.cpp
index 537cf41fd..4b673b0ac 100644
--- a/src/webenginewidgets/api/qwebengineprofile.cpp
+++ b/src/webenginewidgets/api/qwebengineprofile.cpp
@@ -759,6 +759,41 @@ void QWebEngineProfile::destroyedUrlSchemeHandler(QWebEngineUrlSchemeHandler *ob
 }
 
 /*!
+    \since 5.13
+
+    Sets this profile to be used for downloading and caching when needed during
+    certificate verification, for instance for OCSP, CRLs, and AIA.
+
+    Only one QWebEngineProfile can do this at a time, and it is recommended
+    that the profile fullfilling this role has a disk HTTP cache to avoid
+    needlessly re-downloading.
+
+    Currently only affects Linux/NSS installations where it enables OCSP.
+
+    As long as one profile has this option enabled, all other profiles will be
+    able to use it for their certificate verification.
+
+    \sa isUsedForGlobalCertificateVerification(), httpCacheType()
+*/
+void QWebEngineProfile::setUseForGlobalCertificateVerification()
+{
+    Q_D(QWebEngineProfile);
+    d->profileAdapter()->setUseForGlobalCertificateVerification();
+}
+
+/*!
+    \since 5.13
+
+    Returns \c true if this profile is currently being used for global
+    certificate verification.
+*/
+bool QWebEngineProfile::isUsedForGlobalCertificateVerification() const
+{
+    Q_D(const QWebEngineProfile);
+    return d->profileAdapter()->isUsedForGlobalCertificateVerification();
+}
+
+/*!
     \since 5.7
 
     Removes the profile's cache entries.
diff --git a/src/webenginewidgets/api/qwebengineprofile.h b/src/webenginewidgets/api/qwebengineprofile.h
index f9a564cd2..2c0b5ca03 100644
--- a/src/webenginewidgets/api/qwebengineprofile.h
+++ b/src/webenginewidgets/api/qwebengineprofile.h
@@ -128,6 +128,9 @@ public:
     void setSpellCheckEnabled(bool enabled);
     bool isSpellCheckEnabled() const;
 
+    void setUseForGlobalCertificateVerification();
+    bool isUsedForGlobalCertificateVerification() const;
+
     static QWebEngineProfile *defaultProfile();
 
 Q_SIGNALS:
diff --git a/tests/auto/quick/qmltests/data/tst_profile.qml b/tests/auto/quick/qmltests/data/tst_profile.qml
new file mode 100644
index 000000000..ee7fa4e99
--- /dev/null
+++ b/tests/auto/quick/qmltests/data/tst_profile.qml
@@ -0,0 +1,66 @@
+/****************************************************************************
+**
+** Copyright (C) 2018 The Qt Company Ltd.
+** Contact: https://www.qt.io/licensing/
+**
+** This file is part of the QtWebEngine module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:GPL-EXCEPT$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and The Qt Company. For licensing terms
+** and conditions see https://www.qt.io/terms-conditions. For further
+** information use the contact form at https://www.qt.io/contact-us.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 3 as published by the Free Software
+** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT
+** included in the packaging of this file. Please review the following
+** information to ensure the GNU General Public License requirements will
+** be met: https://www.gnu.org/licenses/gpl-3.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+import QtQuick 2.0
+import QtTest 1.0
+import QtWebEngine 1.9
+
+TestWebEngineView {
+    id: webEngineView
+    width: 400
+    height: 300
+
+
+    WebEngineProfile {
+        id: profile1
+    }
+    WebEngineProfile {
+        id: profile2
+    }
+    property bool profile1UsedForGlobalCertificateVerification: profile1.useForGlobalCertificateVerification
+
+    TestCase {
+        name: "WebEngineProfile"
+
+        function test_useForGlobalCertificateVerification() {
+            verify(!profile1.useForGlobalCertificateVerification);
+            verify(!profile2.useForGlobalCertificateVerification);
+            verify(!webEngineView.profile1UsedForGlobalCertificateVerification);
+
+            profile1.useForGlobalCertificateVerification = true;
+            verify(profile1.useForGlobalCertificateVerification);
+            verify(!profile2.useForGlobalCertificateVerification);
+            verify(webEngineView.profile1UsedForGlobalCertificateVerification);
+
+            profile2.useForGlobalCertificateVerification = true;
+            verify(!webEngineView.profile1UsedForGlobalCertificateVerification);
+            verify(!profile1.useForGlobalCertificateVerification);
+            verify(profile2.useForGlobalCertificateVerification);
+        }
+    }
+}
diff --git a/tests/auto/quick/qmltests/qmltests.pro b/tests/auto/quick/qmltests/qmltests.pro
index a2b05e091..ad479cd31 100644
--- a/tests/auto/quick/qmltests/qmltests.pro
+++ b/tests/auto/quick/qmltests/qmltests.pro
@@ -67,6 +67,7 @@ OTHER_FILES += \
     $$PWD/data/tst_navigationHistory.qml \
     $$PWD/data/tst_navigationRequested.qml \
     $$PWD/data/tst_newViewRequest.qml \
+    $$PWD/data/tst_profile.qml \
     $$PWD/data/tst_properties.qml \
     $$PWD/data/tst_runJavaScript.qml \
     $$PWD/data/tst_scrollPosition.qml \
author	Allan Sandfeld Jensen <allan.jensen@qt.io>	2018-08-01 12:57:44 +0200
committer	Allan Sandfeld Jensen <allan.jensen@qt.io>	2018-10-17 10:44:07 +0000
commit	0b1025b8aea4aa0336671f7e908287d65490d120 (patch)
tree	77c201fee93d3c184ce5b6b28d55fc01dc4a6d9e
parent	7b886ab2cdfc94cc70477f51bd28961de52e989c (diff)