Details
-
Task
-
Resolution: Unresolved
-
P2: Important
-
None
-
None
-
None
Description
Following QTBUG-96606 it became clear that we don't have any tests at the moment which connects to and, inadvertently, verifies the TLS certificate of a remote which has a root CA that's stored in the system stores.
Now this is more complex than simply adding a new test. We have had tests using external dependencies in the past but these were always flaky and would block integrations as soon as the service had some trouble.
One option could be to connect to a service and ignore the result if it fails to connect for any reason other than a failed TLS handshake.
One question would be which service to target with this since the service would get connected to by every CI machine. Though we could get IP-blocked if we connect to it too much, which would not be ideal.
We could also have an internal service, as long as its certificate is actually signed by a normal certificate authority.