Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: P2: Important
Fix Version/s: 5.15.5
Affects Version/s: 5.15.2
Component/s: WebEngine
Labels:
None

Platform/s:

Linux/X11
Commits:
a7d3b4cb07dd41ae020bdfa2973096332b9d4396 (qt/qtwebengine/5.15), 19c617953 (134-based-refactor)

It looks like with QtWebEngine 5.15.2, OCSP is always used, even if setUseForGlobalCertificateVerification was never called on any profile.

This can be observed by running e.g. Wireshark (or tcpdump, though I haven't tried), filtering for ocsp and running simplebrowser.

Alternatively, drop outgoing HTTP packets entirely with something like sudo iptables -A OUTPUT -p tcp --dport 80 -j DROP and you will see HTTPS connections failing.

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Assignee:: Qt WebEngine Team

Reporter:: Florian Bruhin

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 01 Mar '21 20:42

Updated:: 19 Sep '25 15:17

Resolved:: 03 May '21 14:51

There are no open Gerrit changes

Show There are 9 closed Gerrit changes

Hide There are 9 closed Gerrit changes

Disable the weak OCSP checking: Gerrit Review:

Allow leaving OCSP off: Gerrit Review:

Allow leaving OCSP off: Gerrit Review:

Remove certificate fatal error test: Gerrit Review:

Workaround revoked certificate check on Linux: Gerrit Review:

Disable online revocation checking via OCSP: Gerrit Review:

Workaround revoked certificate check on Linux: Gerrit Review:

Remove deprecated useforglobalcertificateverification: Gerrit Review:

Remove deprecated useforglobalcertificateverification: Gerrit Review:

Details

Description

Attachments

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews