diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2021-04-22 10:56:02 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2021-05-03 10:42:05 +0200 |
commit | a7d3b4cb07dd41ae020bdfa2973096332b9d4396 (patch) | |
tree | 37b56c7cd895465ae0f1b89c1121e2a2f628e8c4 /src | |
parent | 119c9ae0aad412b352e4aeca7f1af0b3ad5a3045 (diff) |
Allow leaving OCSP off
This form of OCSP is not good, so try to at least allow it to be
disabled, until we remove it.
Fixes: QTBUG-91467
Change-Id: Ied9e8c4960e6ea1503dea39ebbced2ad1af08d5d
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
Diffstat (limited to 'src')
-rw-r--r-- | src/core/profile_adapter.cpp | 31 | ||||
-rw-r--r-- | src/core/profile_adapter.h | 1 | ||||
-rw-r--r-- | src/core/profile_io_data_qt.cpp | 3 |
3 files changed, 21 insertions, 14 deletions
diff --git a/src/core/profile_adapter.cpp b/src/core/profile_adapter.cpp index dff98717d..4dab8aa34 100644 --- a/src/core/profile_adapter.cpp +++ b/src/core/profile_adapter.cpp @@ -87,6 +87,9 @@ inline QString buildLocationFromStandardPath(const QString &standardPath, const namespace QtWebEngineCore { +// static +QPointer<ProfileAdapter> ProfileAdapter::s_profileForGlobalCertificateVerification; + ProfileAdapter::ProfileAdapter(const QString &storageName): m_name(storageName) , m_offTheRecord(storageName.isEmpty()) @@ -654,26 +657,26 @@ void ProfileAdapter::setUseForGlobalCertificateVerification(bool enable) if (m_usedForGlobalCertificateVerification == enable) return; - static QPointer<ProfileAdapter> profileForglobalCertificateVerification; - m_usedForGlobalCertificateVerification = enable; if (enable) { - if (profileForglobalCertificateVerification) { - profileForglobalCertificateVerification->m_usedForGlobalCertificateVerification = false; - if (!m_profile->m_profileIOData->isClearHttpCacheInProgress()) - profileForglobalCertificateVerification->m_profile->m_profileIOData->resetNetworkContext(); - for (auto *client : qAsConst(profileForglobalCertificateVerification->m_clients)) + if (s_profileForGlobalCertificateVerification) { + s_profileForGlobalCertificateVerification->m_usedForGlobalCertificateVerification = false; + for (auto *client : qAsConst(s_profileForGlobalCertificateVerification->m_clients)) client->useForGlobalCertificateVerificationChanged(); + } else { + // OCSP enabled + for (auto adapter : qAsConst(WebEngineContext::current()->m_profileAdapters)) + adapter->m_profile->m_profileIOData->resetNetworkContext(); } - profileForglobalCertificateVerification = this; + s_profileForGlobalCertificateVerification = this; } else { - Q_ASSERT(profileForglobalCertificateVerification); - Q_ASSERT(profileForglobalCertificateVerification == this); - profileForglobalCertificateVerification = nullptr; + Q_ASSERT(s_profileForGlobalCertificateVerification); + Q_ASSERT(s_profileForGlobalCertificateVerification == this); + s_profileForGlobalCertificateVerification = nullptr; + // OCSP disabled + for (auto adapter : qAsConst(WebEngineContext::current()->m_profileAdapters)) + adapter->m_profile->m_profileIOData->resetNetworkContext(); } - - if (!m_profile->m_profileIOData->isClearHttpCacheInProgress()) - m_profile->m_profileIOData->resetNetworkContext(); } bool ProfileAdapter::isUsedForGlobalCertificateVerification() const diff --git a/src/core/profile_adapter.h b/src/core/profile_adapter.h index efd56e50e..caeff246a 100644 --- a/src/core/profile_adapter.h +++ b/src/core/profile_adapter.h @@ -216,6 +216,7 @@ public: QString determineDownloadPath(const QString &downloadDirectory, const QString &suggestedFilename, const time_t &startTime); + static QPointer<ProfileAdapter> s_profileForGlobalCertificateVerification; private: void updateCustomUrlSchemeHandlers(); void resetVisitedLinksManager(); diff --git a/src/core/profile_io_data_qt.cpp b/src/core/profile_io_data_qt.cpp index 68e674f01..8e6c8fed3 100644 --- a/src/core/profile_io_data_qt.cpp +++ b/src/core/profile_io_data_qt.cpp @@ -224,6 +224,9 @@ void ProfileIODataQt::ConfigureNetworkContextParams(bool in_memory, SystemNetworkContextManager::GetInstance()->ConfigureDefaultNetworkContextParams(network_context_params); + // FIXME: Faking old behavior to allow not enabling OCSP + network_context_params->initial_ssl_config->rev_checking_enabled = !ProfileAdapter::s_profileForGlobalCertificateVerification.isNull(); + network_context_params->context_name = m_storageName.toStdString(); network_context_params->user_agent = m_httpUserAgent.toStdString(); network_context_params->accept_language = m_httpAcceptLanguage.toStdString(); |