Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-52193

Linux: Consider using system NSS only as a certificate db

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Done
    • Icon: P1: Critical P1: Critical
    • 5.10.0
    • 5.6
    • WebEngine
    • None
    • 9b449045fbd5fd3b58bcaff6cf0c5878cd6e64eb

      If available, Qt WebEngine tries to use the system nss library for both SSL/crypto, and certificate handling. This has been causing problems, see e.g.
      QTBUG-52068 , QTBUG-51890 .

      Upstream chromium meanwhile has been moving towards always using the bundled BoringSSL for Crypto/SSL, and using NSS only for certificate handling:

      https://groups.google.com/a/chromium.org/forum/#!searchin/chromium-dev/nss|sort:date/chromium-dev/HDqrFYlj7rE/0g6jKwt8uVkJ

      This might mean that the NSS support for crypto might not get fixed, or even be removed in the future. We should decide whether we should invest time to fix this ourselves, or follow Chromium's lead to always rely on BoringSSL for crypto and NSS only for getting the system certificates.

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            michal Michal Klocek
            kkohne Kai Köhne
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved:

                There are no open Gerrit changes