Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P2: Important
Fix Version/s: 5.15.5
Affects Version/s: 5.15.2
Component/s: WebEngine
Labels:
None

Platform/s:

Linux/X11
Commits:
a7d3b4cb07dd41ae020bdfa2973096332b9d4396 (qt/qtwebengine/5.15)

Description

It looks like with QtWebEngine 5.15.2, OCSP is always used, even if setUseForGlobalCertificateVerification was never called on any profile.

This can be observed by running e.g. Wireshark (or tcpdump, though I haven't tried), filtering for ocsp and running simplebrowser.

Alternatively, drop outgoing HTTP packets entirely with something like sudo iptables -A OUTPUT -p tcp --dport 80 -j DROP and you will see HTTPS connections failing.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Qt WebEngine Team

Reporter:: Florian Bruhin

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 01 Mar '21 20:42

Updated:: 03 May '21 14:51

Resolved:: 03 May '21 14:51

Gerrit Reviews

There are no open Gerrit changes

Show There are 9 closed Gerrit changes

Hide There are 9 closed Gerrit changes

Disable the weak OCSP checking: Gerrit Review:

Allow leaving OCSP off: Gerrit Review:

Allow leaving OCSP off: Gerrit Review:

Remove certificate fatal error test: Gerrit Review:

Workaround revoked certificate check on Linux: Gerrit Review:

Disable online revocation checking via OCSP: Gerrit Review:

Workaround revoked certificate check on Linux: Gerrit Review:

Remove deprecated useforglobalcertificateverification: Gerrit Review:

Remove deprecated useforglobalcertificateverification: Gerrit Review: