Always reject non-overridable certificate errors

We don't call the callback in case the error can't be allowed anyway,
so we should tell the caller right away the error was denied.

Task-number: QTBUG-50581
Change-Id: I8fcd72b7fbab5a8cbaffba95c6f97777c301cb64
Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>

1 files changed, 4 insertions, 3 deletions

diff --git a/src/core/content_browser_client_qt.cpp b/src/core/content_browser_client_qt.cpp
index 078874da1..18f8dbadd 100644
--- a/src/core/content_browser_client_qt.cpp
+++ b/src/core/content_browser_client_qt.cpp
@@ -400,9 +400,6 @@ void ContentBrowserClientQt::AllowCertificateError(int render_process_id, int re
                                                    const base::Callback<void(bool)>& callback,
                                                    content::CertificateRequestResultType* result)
 {
-    // We leave the result with its default value.
-    Q_UNUSED(result);
-
     content::RenderFrameHost *frameHost = content::RenderFrameHost::FromID(render_process_id, render_frame_id);
     WebContentsDelegateQt* contentsDelegate = 0;
     if (content::WebContents *webContents = frameHost->GetRenderViewHost()->GetDelegate()->GetAsWebContents())
@@ -410,6 +407,10 @@ void ContentBrowserClientQt::AllowCertificateError(int render_process_id, int re
 
     QSharedPointer<CertificateErrorController> errorController(new CertificateErrorController(new CertificateErrorControllerPrivate(cert_error, ssl_info, request_url, resource_type, overridable, strict_enforcement, callback)));
     contentsDelegate->allowCertificateError(errorController);
+
+    // If we don't give the user a chance to allow it, we can reject it right away.
+    if (result && (!overridable || strict_enforcement))
+        *result = content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY;
 }
 
 content::LocationProvider *ContentBrowserClientQt::OverrideSystemLocationProvider()