Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Done
Priority: P1: Critical
Fix Version/s: 5.10.0
Affects Version/s: 5.6
Component/s: WebEngine
Labels:
None

Commits:
9b449045fbd5fd3b58bcaff6cf0c5878cd6e64eb

Description

If available, Qt WebEngine tries to use the system nss library for both SSL/crypto, and certificate handling. This has been causing problems, see e.g.
~~QTBUG-52068~~ , ~~QTBUG-51890~~ .

Upstream chromium meanwhile has been moving towards always using the bundled BoringSSL for Crypto/SSL, and using NSS only for certificate handling:

https://groups.google.com/a/chromium.org/forum/#!searchin/chromium-dev/nss|sort:date/chromium-dev/HDqrFYlj7rE/0g6jKwt8uVkJ

This might mean that the NSS support for crypto might not get fixed, or even be removed in the future. We should decide whether we should invest time to fix this ourselves, or follow Chromium's lead to always rely on BoringSSL for crypto and NSS only for getting the system certificates.

Attachments

Issue Links

resulted from

QTBUG-51890 qtwebengine fails to build with system nss 3.23

Closed

QTBUG-52068 SSL connection error on Google sites in Ubuntu.

Closed

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

For Gerrit Dashboard: QTBUG-52193
#	Subject	Branch	Project	Status	CR	V
153890,5	Use system NSS only for certificate handling	5.6	qt/qtwebengine	Status: MERGED	+2	0
204106,10	Require NSS for linux builds	5.10	qt/qtwebengine	Status: MERGED	+2	0

Activity

People

Assignee:: Michal Klocek

Reporter:: Kai Köhne

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 29 Mar '16 08:55

Updated:: 19 Sep '17 16:02

Resolved:: 19 Sep '17 16:02

Gerrit Reviews

There are no open Gerrit changes

Show There are 2 closed Gerrit changes

Hide There are 2 closed Gerrit changes

Use system NSS only for certificate handling: Gerrit Review:

Require NSS for linux builds: Gerrit Review: