Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-91467

[REG 5.15.0 -> 5.15.2] OCSP is used even if not enabled

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2: Important
    • Resolution: Done
    • Affects Version/s: 5.15.2
    • Fix Version/s: 5.15.5
    • Component/s: WebEngine
    • Labels:
      None
    • Platform/s:
      Linux/X11
    • Commits:
      a7d3b4cb07dd41ae020bdfa2973096332b9d4396 (qt/qtwebengine/5.15)

      Description

      It looks like with QtWebEngine 5.15.2, OCSP is always used, even if setUseForGlobalCertificateVerification was never called on any profile.

      This can be observed by running e.g. Wireshark (or tcpdump, though I haven't tried), filtering for ocsp and running simplebrowser.

      Alternatively, drop outgoing HTTP packets entirely with something like sudo iptables -A OUTPUT -p tcp --dport 80 -j DROP and you will see HTTPS connections failing.

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            Assignee:
            qt_webengine_team Qt WebEngine Team
            Reporter:
            the compiler Florian Bruhin
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Gerrit Reviews

                There are no open Gerrit changes