Details
P2: Important Description
It looks like with QtWebEngine 5.15.2, OCSP is always used, even if setUseForGlobalCertificateVerification was never called on any profile.
This can be observed by running e.g. Wireshark (or tcpdump, though I haven't tried), filtering for ocsp and running simplebrowser.
Alternatively, drop outgoing HTTP packets entirely with something like sudo iptables -A OUTPUT -p tcp --dport 80 -j DROP and you will see HTTPS connections failing.
Attachments
| For Gerrit Dashboard: QTBUG-91467 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 337180,3 | Disable the weak OCSP checking | 5.15 | qt/qtwebengine | Status: ABANDONED | 0 | 0 |
| 344833,6 | Allow leaving OCSP off | 5.15 | qt/qtwebengine | Status: MERGED | +2 | 0 |
| 345551,1 | Allow leaving OCSP off | dev | qt/qtwebengine | Status: ABANDONED | 0 | 0 |
| 349274,5 | Remove certificate fatal error test | dev | qt/qtwebengine | Status: MERGED | -1 | 0 |
| 350311,2 | Workaround revoked certificate check on Linux | 87-based | qt/qtwebengine-chromium | Status: MERGED | +2 | 0 |
| 350312,3 | Disable online revocation checking via OCSP | 5.15 | qt/qtwebengine | Status: ABANDONED | 0 | 0 |
| 350618,2 | Workaround revoked certificate check on Linux | 88-based | qt/qtwebengine-chromium | Status: MERGED | +2 | 0 |
| 358405,4 | Remove deprecated useforglobalcertificateverification | dev | qt/qtwebengine | Status: MERGED | +2 | 0 |
| 358517,2 | Remove deprecated useforglobalcertificateverification | 6.2 | qt/qtwebengine | Status: MERGED | +2 | 0 |