Remove deprecated useforglobalcertificateverification

It enabled an unrecommended OCSP path on Linux

[ChangeLog] (Q)WebEngineSettings::useForGlobalCertificateVerification
has been removed.

Task-number: QTBUG-91467
Change-Id: I9f5d1ad5e4fcb59abd31e6a133ded7bf8319c811
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
(cherry picked from commit 8f7a386a5228428122813ebea1d7489783b00633)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

7 files changed, 0 insertions, 91 deletions

diff --git a/src/core/api/qwebengineprofile.cpp b/src/core/api/qwebengineprofile.cpp
index 116846376..6ec48e75b 100644
--- a/src/core/api/qwebengineprofile.cpp
+++ b/src/core/api/qwebengineprofile.cpp
@@ -805,49 +805,6 @@ void QWebEngineProfile::removeAllUrlSchemeHandlers()
 }
 
 /*!
-    \since 5.13
-
-    \obsolete
-
-    Sets if this profile is to be used for downloading and caching when needed
-    during certificate verification, for instance for OCSP, CRLs, and AIA.
-
-    Only one QWebEngineProfile can do this at a time, and it is recommended
-    that the profile fullfilling this role has a disk HTTP cache to avoid
-    needlessly re-downloading. If you set the option on a second profile,
-    it will be disabled on the profile it is currently set.
-
-    As long as one profile has \a enabled set to \c true, all other profiles
-    will be able to use it for their certificate verification.
-
-    Originally only affected Linux/NSS installations where it enabled OCSP.
-
-    Since 5.15.3, no longer does anything. Certificate verification is done
-    using AIO on the requesting profile.
-
-    \sa isUsedForGlobalCertificateVerification(), httpCacheType()
-*/
-void QWebEngineProfile::setUseForGlobalCertificateVerification(bool enabled)
-{
-    Q_D(QWebEngineProfile);
-    d->profileAdapter()->setUseForGlobalCertificateVerification(enabled);
-}
-
-/*!
-    \since 5.13
-
-    \obsolete
-
-    Returns \c true if this profile is currently being used for global
-    certificate verification.
-*/
-bool QWebEngineProfile::isUsedForGlobalCertificateVerification() const
-{
-    Q_D(const QWebEngineProfile);
-    return d->profileAdapter()->isUsedForGlobalCertificateVerification();
-}
-
-/*!
     \since 5.7
 
     Removes the profile's cache entries.
diff --git a/src/core/api/qwebengineprofile.h b/src/core/api/qwebengineprofile.h
index 618576664..9d4572771 100644
--- a/src/core/api/qwebengineprofile.h
+++ b/src/core/api/qwebengineprofile.h
@@ -131,9 +131,6 @@ public:
     void setSpellCheckEnabled(bool enabled);
     bool isSpellCheckEnabled() const;
 
-    void setUseForGlobalCertificateVerification(bool enabled = true);
-    bool isUsedForGlobalCertificateVerification() const;
-
     QString downloadPath() const;
     void setDownloadPath(const QString &path);
 
diff --git a/src/core/net/system_network_context_manager.cpp b/src/core/net/system_network_context_manager.cpp
index 1fba115c6..6e564a355 100644
--- a/src/core/net/system_network_context_manager.cpp
+++ b/src/core/net/system_network_context_manager.cpp
@@ -237,7 +237,6 @@ void SystemNetworkContextManager::OnNetworkServiceCreated(network::mojom::Networ
 void SystemNetworkContextManager::AddSSLConfigToNetworkContextParams(network::mojom::NetworkContextParams *network_context_params)
 {
     network_context_params->initial_ssl_config = network::mojom::SSLConfig::New();
-    network_context_params->initial_ssl_config->rev_checking_enabled = true;
     network_context_params->initial_ssl_config->symantec_enforcement_disabled = true;
 }
 
diff --git a/src/core/profile_adapter.cpp b/src/core/profile_adapter.cpp
index 60f74ff80..7f7b7181e 100644
--- a/src/core/profile_adapter.cpp
+++ b/src/core/profile_adapter.cpp
@@ -93,9 +93,6 @@ inline QString buildLocationFromStandardPath(const QString &standardPath, const
 
 namespace QtWebEngineCore {
 
-// static
-QPointer<ProfileAdapter> ProfileAdapter::s_profileForGlobalCertificateVerification;
-
 ProfileAdapter::ProfileAdapter(const QString &storageName):
       m_name(storageName)
     , m_offTheRecord(storageName.isEmpty())
@@ -677,38 +674,6 @@ void ProfileAdapter::reinitializeHistoryService()
     }
 }
 
-void ProfileAdapter::setUseForGlobalCertificateVerification(bool enable)
-{
-    if (m_usedForGlobalCertificateVerification == enable)
-        return;
-
-    m_usedForGlobalCertificateVerification = enable;
-    if (enable) {
-        if (s_profileForGlobalCertificateVerification) {
-            s_profileForGlobalCertificateVerification->m_usedForGlobalCertificateVerification = false;
-            for (auto *client : qAsConst(s_profileForGlobalCertificateVerification->m_clients))
-                client->useForGlobalCertificateVerificationChanged();
-        } else {
-            // OCSP enabled
-            for (auto adapter : qAsConst(WebEngineContext::current()->m_profileAdapters))
-                adapter->m_profile->m_profileIOData->resetNetworkContext();
-        }
-        s_profileForGlobalCertificateVerification = this;
-    } else {
-        Q_ASSERT(s_profileForGlobalCertificateVerification);
-        Q_ASSERT(s_profileForGlobalCertificateVerification == this);
-        s_profileForGlobalCertificateVerification = nullptr;
-        // OCSP disabled
-        for (auto adapter : qAsConst(WebEngineContext::current()->m_profileAdapters))
-            adapter->m_profile->m_profileIOData->resetNetworkContext();
-    }
-}
-
-bool ProfileAdapter::isUsedForGlobalCertificateVerification() const
-{
-    return m_usedForGlobalCertificateVerification;
-}
-
 QString ProfileAdapter::determineDownloadPath(const QString &downloadDirectory, const QString &suggestedFilename, const time_t &startTime)
 {
     QFileInfo suggestedFile(QDir(downloadDirectory).absoluteFilePath(suggestedFilename));
diff --git a/src/core/profile_adapter.h b/src/core/profile_adapter.h
index d88834d7c..373d6e2a9 100644
--- a/src/core/profile_adapter.h
+++ b/src/core/profile_adapter.h
@@ -205,9 +205,6 @@ public:
 
     void clearHttpCache();
 
-    void setUseForGlobalCertificateVerification(bool enable = true);
-    bool isUsedForGlobalCertificateVerification() const;
-
 #if QT_CONFIG(ssl)
     QWebEngineClientCertificateStore *clientCertificateStore();
 #endif
@@ -225,7 +222,6 @@ public:
                                std::function<void (const QIcon &, const QUrl &)> iconAvailableCallback);
     base::CancelableTaskTracker *cancelableTaskTracker() { return m_cancelableTaskTracker.get(); }
 
-    static QPointer<ProfileAdapter> s_profileForGlobalCertificateVerification;
 private:
     void updateCustomUrlSchemeHandlers();
     void resetVisitedLinksManager();
@@ -234,7 +230,6 @@ private:
 
     QString m_name;
     bool m_offTheRecord;
-    bool m_usedForGlobalCertificateVerification = false;
     QScopedPointer<ProfileQt> m_profile;
     QScopedPointer<VisitedLinksManagerQt> m_visitedLinksManager;
     QScopedPointer<DownloadManagerDelegateQt> m_downloadManagerDelegate;
diff --git a/src/core/profile_adapter_client.h b/src/core/profile_adapter_client.h
index 6a2ce6ba0..3f4dec606 100644
--- a/src/core/profile_adapter_client.h
+++ b/src/core/profile_adapter_client.h
@@ -140,7 +140,6 @@ public:
 
     virtual void downloadRequested(DownloadItemInfo &info) = 0;
     virtual void downloadUpdated(const DownloadItemInfo &info) = 0;
-    virtual void useForGlobalCertificateVerificationChanged() {}
     virtual void showNotification(QSharedPointer<UserNotificationController> &) { }
 
     virtual void addWebContentsAdapterClient(WebContentsAdapterClient *adapter) = 0;
diff --git a/src/core/profile_io_data_qt.cpp b/src/core/profile_io_data_qt.cpp
index e22bac225..b6eff5f55 100644
--- a/src/core/profile_io_data_qt.cpp
+++ b/src/core/profile_io_data_qt.cpp
@@ -230,9 +230,6 @@ void ProfileIODataQt::ConfigureNetworkContextParams(bool in_memory,
 
     SystemNetworkContextManager::GetInstance()->ConfigureDefaultNetworkContextParams(network_context_params);
 
-    // FIXME: Faking old behavior to allow not enabling OCSP
-    network_context_params->initial_ssl_config->rev_checking_enabled = !ProfileAdapter::s_profileForGlobalCertificateVerification.isNull();
-
     network_context_params->context_name = m_storageName.toStdString();
     network_context_params->user_agent = m_httpUserAgent.toStdString();
     network_context_params->accept_language = m_httpAcceptLanguage.toStdString();