Allow leaving OCSP off

This form of OCSP is not good, so try to at least allow it to be disabled, until we remove it. Fixes: QTBUG-91467 Change-Id: Ied9e8c4960e6ea1503dea39ebbced2ad1af08d5d Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
author: Allan Sandfeld Jensen <allan.jensen@qt.io> 2021-04-22 10:56:02 +0200
committer: Allan Sandfeld Jensen <allan.jensen@qt.io> 2021-05-03 10:42:05 +0200
commit: a7d3b4cb07dd41ae020bdfa2973096332b9d4396 (patch)
tree: 37b56c7cd895465ae0f1b89c1121e2a2f628e8c4 /src
parent: 119c9ae0aad412b352e4aeca7f1af0b3ad5a3045 (diff)
3 files changed, 21 insertions, 14 deletions
diff --git a/src/core/profile_adapter.cpp b/src/core/profile_adapter.cpp
index dff98717d..4dab8aa34 100644
--- a/src/core/profile_adapter.cpp
+++ b/src/core/profile_adapter.cpp
@@ -87,6 +87,9 @@ inline QString buildLocationFromStandardPath(const QString &standardPath, const
 
 namespace QtWebEngineCore {
 
+// static
+QPointer<ProfileAdapter> ProfileAdapter::s_profileForGlobalCertificateVerification;
+
 ProfileAdapter::ProfileAdapter(const QString &storageName):
       m_name(storageName)
     , m_offTheRecord(storageName.isEmpty())
@@ -654,26 +657,26 @@ void ProfileAdapter::setUseForGlobalCertificateVerification(bool enable)
     if (m_usedForGlobalCertificateVerification == enable)
         return;
 
-    static QPointer<ProfileAdapter> profileForglobalCertificateVerification;
-
     m_usedForGlobalCertificateVerification = enable;
     if (enable) {
-        if (profileForglobalCertificateVerification) {
-            profileForglobalCertificateVerification->m_usedForGlobalCertificateVerification = false;
-            if (!m_profile->m_profileIOData->isClearHttpCacheInProgress())
-                profileForglobalCertificateVerification->m_profile->m_profileIOData->resetNetworkContext();
-            for (auto *client : qAsConst(profileForglobalCertificateVerification->m_clients))
+        if (s_profileForGlobalCertificateVerification) {
+            s_profileForGlobalCertificateVerification->m_usedForGlobalCertificateVerification = false;
+            for (auto *client : qAsConst(s_profileForGlobalCertificateVerification->m_clients))
                 client->useForGlobalCertificateVerificationChanged();
+        } else {
+            // OCSP enabled
+            for (auto adapter : qAsConst(WebEngineContext::current()->m_profileAdapters))
+                adapter->m_profile->m_profileIOData->resetNetworkContext();
         }
-        profileForglobalCertificateVerification = this;
+        s_profileForGlobalCertificateVerification = this;
     } else {
-        Q_ASSERT(profileForglobalCertificateVerification);
-        Q_ASSERT(profileForglobalCertificateVerification == this);
-        profileForglobalCertificateVerification = nullptr;
+        Q_ASSERT(s_profileForGlobalCertificateVerification);
+        Q_ASSERT(s_profileForGlobalCertificateVerification == this);
+        s_profileForGlobalCertificateVerification = nullptr;
+        // OCSP disabled
+        for (auto adapter : qAsConst(WebEngineContext::current()->m_profileAdapters))
+            adapter->m_profile->m_profileIOData->resetNetworkContext();
     }
-
-    if (!m_profile->m_profileIOData->isClearHttpCacheInProgress())
-        m_profile->m_profileIOData->resetNetworkContext();
 }
 
 bool ProfileAdapter::isUsedForGlobalCertificateVerification() const
diff --git a/src/core/profile_adapter.h b/src/core/profile_adapter.h
index efd56e50e..caeff246a 100644
--- a/src/core/profile_adapter.h
+++ b/src/core/profile_adapter.h
@@ -216,6 +216,7 @@ public:
 
     QString determineDownloadPath(const QString &downloadDirectory, const QString &suggestedFilename, const time_t &startTime);
 
+    static QPointer<ProfileAdapter> s_profileForGlobalCertificateVerification;
 private:
     void updateCustomUrlSchemeHandlers();
     void resetVisitedLinksManager();
diff --git a/src/core/profile_io_data_qt.cpp b/src/core/profile_io_data_qt.cpp
index 68e674f01..8e6c8fed3 100644
--- a/src/core/profile_io_data_qt.cpp
+++ b/src/core/profile_io_data_qt.cpp
@@ -224,6 +224,9 @@ void ProfileIODataQt::ConfigureNetworkContextParams(bool in_memory,
 
     SystemNetworkContextManager::GetInstance()->ConfigureDefaultNetworkContextParams(network_context_params);
 
+    // FIXME: Faking old behavior to allow not enabling OCSP
+    network_context_params->initial_ssl_config->rev_checking_enabled = !ProfileAdapter::s_profileForGlobalCertificateVerification.isNull();
+
     network_context_params->context_name = m_storageName.toStdString();
     network_context_params->user_agent = m_httpUserAgent.toStdString();
     network_context_params->accept_language = m_httpAcceptLanguage.toStdString();
author	Allan Sandfeld Jensen <allan.jensen@qt.io>	2021-04-22 10:56:02 +0200
committer	Allan Sandfeld Jensen <allan.jensen@qt.io>	2021-05-03 10:42:05 +0200
commit	a7d3b4cb07dd41ae020bdfa2973096332b9d4396 (patch)
tree	37b56c7cd895465ae0f1b89c1121e2a2f628e8c4 /src
parent	119c9ae0aad412b352e4aeca7f1af0b3ad5a3045 (diff)