diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index 5313e97430..5252f3348b 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -1111,8 +1111,10 @@ void QSslSocket::setSslConfiguration(const QSslConfiguration &configuration) // if the CA certificates were set explicitly (either via // QSslConfiguration::setCaCertificates() or QSslSocket::setCaCertificates(), // we cannot load the certificates on demand - if (!configuration.d->allowRootCertOnDemandLoading) + if (!configuration.d->allowRootCertOnDemandLoading) { d->allowRootCertOnDemandLoading = false; + d->configuration.allowRootCertOnDemandLoading = false; + } } /*! diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 8b5b4156bb..79bd4994db 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -151,6 +151,7 @@ public slots: #ifndef QT_NO_SSL private slots: void constructing(); + void configNoOnDemandLoad(); void simpleConnect(); void simpleConnectWithIgnore(); @@ -590,6 +591,25 @@ void tst_QSslSocket::constructing() QSslConfiguration::setDefaultConfiguration(savedDefault); } +void tst_QSslSocket::configNoOnDemandLoad() +{ + QFETCH_GLOBAL(bool, setProxy); + if (setProxy) + return; // NoProxy is enough. + + // We noticed a peculiar situation, where a configuration + // set on a socket is not equal to the configuration we + // get back from the socket afterwards. + auto customConfig = QSslConfiguration::defaultConfiguration(); + // Setting CA certificates disables loading root certificates + // during verification: + customConfig.setCaCertificates(customConfig.caCertificates()); + + QSslSocket socket; + socket.setSslConfiguration(customConfig); + QCOMPARE(customConfig, socket.sslConfiguration()); +} + void tst_QSslSocket::simpleConnect() { if (!QSslSocket::supportsSsl())