From bbab484dc45ae2391065d07e1f68027bb53e44d9 Mon Sep 17 00:00:00 2001 From: Peter Varga Date: Thu, 20 May 2021 16:10:59 +0200 Subject: Remove deprecated useforglobalcertificateverification It enabled an unrecommended OCSP path on Linux [ChangeLog] (Q)WebEngineSettings::useForGlobalCertificateVerification has been removed. Task-number: QTBUG-91467 Change-Id: I9f5d1ad5e4fcb59abd31e6a133ded7bf8319c811 Reviewed-by: Kirill Burtsev (cherry picked from commit 8f7a386a5228428122813ebea1d7489783b00633) Reviewed-by: Qt Cherry-pick Bot --- .../webengine/quicknanobrowser/ApplicationRoot.qml | 1 - examples/webenginewidgets/simplebrowser/main.cpp | 1 - src/core/api/qwebengineprofile.cpp | 43 -------------- src/core/api/qwebengineprofile.h | 3 - src/core/net/system_network_context_manager.cpp | 1 - src/core/profile_adapter.cpp | 35 ----------- src/core/profile_adapter.h | 5 -- src/core/profile_adapter_client.h | 1 - src/core/profile_io_data_qt.cpp | 3 - src/webenginequick/api/qquickwebengineprofile.cpp | 69 ---------------------- src/webenginequick/api/qquickwebengineprofile.h | 9 --- src/webenginequick/api/qquickwebengineprofile_p.h | 2 - .../core/certificateerror/tst_certificateerror.cpp | 1 - tests/auto/quick/publicapi/tst_publicapi.cpp | 2 - tests/auto/quick/qmltests/CMakeLists.txt | 1 - .../quick/qmltests/data/tst_certificateError.qml | 1 - tests/auto/quick/qmltests/data/tst_profile.qml | 66 --------------------- .../qwebengineprofile/tst_qwebengineprofile.cpp | 20 ------- 18 files changed, 264 deletions(-) delete mode 100644 tests/auto/quick/qmltests/data/tst_profile.qml diff --git a/examples/webengine/quicknanobrowser/ApplicationRoot.qml b/examples/webengine/quicknanobrowser/ApplicationRoot.qml index 22ca87dc1..ad757ebc3 100644 --- a/examples/webengine/quicknanobrowser/ApplicationRoot.qml +++ b/examples/webengine/quicknanobrowser/ApplicationRoot.qml @@ -57,7 +57,6 @@ QtObject { property QtObject defaultProfile: WebEngineProfile { storageName: "Profile" offTheRecord: false - useForGlobalCertificateVerification: true } property QtObject otrProfile: WebEngineProfile { diff --git a/examples/webenginewidgets/simplebrowser/main.cpp b/examples/webenginewidgets/simplebrowser/main.cpp index 19aae839c..61acee4d1 100644 --- a/examples/webenginewidgets/simplebrowser/main.cpp +++ b/examples/webenginewidgets/simplebrowser/main.cpp @@ -74,7 +74,6 @@ int main(int argc, char **argv) QWebEngineProfile::defaultProfile()->settings()->setAttribute(QWebEngineSettings::PluginsEnabled, true); QWebEngineProfile::defaultProfile()->settings()->setAttribute(QWebEngineSettings::DnsPrefetchEnabled, true); - QWebEngineProfile::defaultProfile()->setUseForGlobalCertificateVerification(); QUrl url = commandLineUrlArgument(); diff --git a/src/core/api/qwebengineprofile.cpp b/src/core/api/qwebengineprofile.cpp index 116846376..6ec48e75b 100644 --- a/src/core/api/qwebengineprofile.cpp +++ b/src/core/api/qwebengineprofile.cpp @@ -804,49 +804,6 @@ void QWebEngineProfile::removeAllUrlSchemeHandlers() d->profileAdapter()->removeAllUrlSchemeHandlers(); } -/*! - \since 5.13 - - \obsolete - - Sets if this profile is to be used for downloading and caching when needed - during certificate verification, for instance for OCSP, CRLs, and AIA. - - Only one QWebEngineProfile can do this at a time, and it is recommended - that the profile fullfilling this role has a disk HTTP cache to avoid - needlessly re-downloading. If you set the option on a second profile, - it will be disabled on the profile it is currently set. - - As long as one profile has \a enabled set to \c true, all other profiles - will be able to use it for their certificate verification. - - Originally only affected Linux/NSS installations where it enabled OCSP. - - Since 5.15.3, no longer does anything. Certificate verification is done - using AIO on the requesting profile. - - \sa isUsedForGlobalCertificateVerification(), httpCacheType() -*/ -void QWebEngineProfile::setUseForGlobalCertificateVerification(bool enabled) -{ - Q_D(QWebEngineProfile); - d->profileAdapter()->setUseForGlobalCertificateVerification(enabled); -} - -/*! - \since 5.13 - - \obsolete - - Returns \c true if this profile is currently being used for global - certificate verification. -*/ -bool QWebEngineProfile::isUsedForGlobalCertificateVerification() const -{ - Q_D(const QWebEngineProfile); - return d->profileAdapter()->isUsedForGlobalCertificateVerification(); -} - /*! \since 5.7 diff --git a/src/core/api/qwebengineprofile.h b/src/core/api/qwebengineprofile.h index 618576664..9d4572771 100644 --- a/src/core/api/qwebengineprofile.h +++ b/src/core/api/qwebengineprofile.h @@ -131,9 +131,6 @@ public: void setSpellCheckEnabled(bool enabled); bool isSpellCheckEnabled() const; - void setUseForGlobalCertificateVerification(bool enabled = true); - bool isUsedForGlobalCertificateVerification() const; - QString downloadPath() const; void setDownloadPath(const QString &path); diff --git a/src/core/net/system_network_context_manager.cpp b/src/core/net/system_network_context_manager.cpp index 1fba115c6..6e564a355 100644 --- a/src/core/net/system_network_context_manager.cpp +++ b/src/core/net/system_network_context_manager.cpp @@ -237,7 +237,6 @@ void SystemNetworkContextManager::OnNetworkServiceCreated(network::mojom::Networ void SystemNetworkContextManager::AddSSLConfigToNetworkContextParams(network::mojom::NetworkContextParams *network_context_params) { network_context_params->initial_ssl_config = network::mojom::SSLConfig::New(); - network_context_params->initial_ssl_config->rev_checking_enabled = true; network_context_params->initial_ssl_config->symantec_enforcement_disabled = true; } diff --git a/src/core/profile_adapter.cpp b/src/core/profile_adapter.cpp index 60f74ff80..7f7b7181e 100644 --- a/src/core/profile_adapter.cpp +++ b/src/core/profile_adapter.cpp @@ -93,9 +93,6 @@ inline QString buildLocationFromStandardPath(const QString &standardPath, const namespace QtWebEngineCore { -// static -QPointer ProfileAdapter::s_profileForGlobalCertificateVerification; - ProfileAdapter::ProfileAdapter(const QString &storageName): m_name(storageName) , m_offTheRecord(storageName.isEmpty()) @@ -677,38 +674,6 @@ void ProfileAdapter::reinitializeHistoryService() } } -void ProfileAdapter::setUseForGlobalCertificateVerification(bool enable) -{ - if (m_usedForGlobalCertificateVerification == enable) - return; - - m_usedForGlobalCertificateVerification = enable; - if (enable) { - if (s_profileForGlobalCertificateVerification) { - s_profileForGlobalCertificateVerification->m_usedForGlobalCertificateVerification = false; - for (auto *client : qAsConst(s_profileForGlobalCertificateVerification->m_clients)) - client->useForGlobalCertificateVerificationChanged(); - } else { - // OCSP enabled - for (auto adapter : qAsConst(WebEngineContext::current()->m_profileAdapters)) - adapter->m_profile->m_profileIOData->resetNetworkContext(); - } - s_profileForGlobalCertificateVerification = this; - } else { - Q_ASSERT(s_profileForGlobalCertificateVerification); - Q_ASSERT(s_profileForGlobalCertificateVerification == this); - s_profileForGlobalCertificateVerification = nullptr; - // OCSP disabled - for (auto adapter : qAsConst(WebEngineContext::current()->m_profileAdapters)) - adapter->m_profile->m_profileIOData->resetNetworkContext(); - } -} - -bool ProfileAdapter::isUsedForGlobalCertificateVerification() const -{ - return m_usedForGlobalCertificateVerification; -} - QString ProfileAdapter::determineDownloadPath(const QString &downloadDirectory, const QString &suggestedFilename, const time_t &startTime) { QFileInfo suggestedFile(QDir(downloadDirectory).absoluteFilePath(suggestedFilename)); diff --git a/src/core/profile_adapter.h b/src/core/profile_adapter.h index d88834d7c..373d6e2a9 100644 --- a/src/core/profile_adapter.h +++ b/src/core/profile_adapter.h @@ -205,9 +205,6 @@ public: void clearHttpCache(); - void setUseForGlobalCertificateVerification(bool enable = true); - bool isUsedForGlobalCertificateVerification() const; - #if QT_CONFIG(ssl) QWebEngineClientCertificateStore *clientCertificateStore(); #endif @@ -225,7 +222,6 @@ public: std::function iconAvailableCallback); base::CancelableTaskTracker *cancelableTaskTracker() { return m_cancelableTaskTracker.get(); } - static QPointer s_profileForGlobalCertificateVerification; private: void updateCustomUrlSchemeHandlers(); void resetVisitedLinksManager(); @@ -234,7 +230,6 @@ private: QString m_name; bool m_offTheRecord; - bool m_usedForGlobalCertificateVerification = false; QScopedPointer m_profile; QScopedPointer m_visitedLinksManager; QScopedPointer m_downloadManagerDelegate; diff --git a/src/core/profile_adapter_client.h b/src/core/profile_adapter_client.h index 6a2ce6ba0..3f4dec606 100644 --- a/src/core/profile_adapter_client.h +++ b/src/core/profile_adapter_client.h @@ -140,7 +140,6 @@ public: virtual void downloadRequested(DownloadItemInfo &info) = 0; virtual void downloadUpdated(const DownloadItemInfo &info) = 0; - virtual void useForGlobalCertificateVerificationChanged() {} virtual void showNotification(QSharedPointer &) { } virtual void addWebContentsAdapterClient(WebContentsAdapterClient *adapter) = 0; diff --git a/src/core/profile_io_data_qt.cpp b/src/core/profile_io_data_qt.cpp index e22bac225..b6eff5f55 100644 --- a/src/core/profile_io_data_qt.cpp +++ b/src/core/profile_io_data_qt.cpp @@ -230,9 +230,6 @@ void ProfileIODataQt::ConfigureNetworkContextParams(bool in_memory, SystemNetworkContextManager::GetInstance()->ConfigureDefaultNetworkContextParams(network_context_params); - // FIXME: Faking old behavior to allow not enabling OCSP - network_context_params->initial_ssl_config->rev_checking_enabled = !ProfileAdapter::s_profileForGlobalCertificateVerification.isNull(); - network_context_params->context_name = m_storageName.toStdString(); network_context_params->user_agent = m_httpUserAgent.toStdString(); network_context_params->accept_language = m_httpAcceptLanguage.toStdString(); diff --git a/src/webenginequick/api/qquickwebengineprofile.cpp b/src/webenginequick/api/qquickwebengineprofile.cpp index e11df2f94..d3909418d 100644 --- a/src/webenginequick/api/qquickwebengineprofile.cpp +++ b/src/webenginequick/api/qquickwebengineprofile.cpp @@ -297,12 +297,6 @@ void QQuickWebEngineProfilePrivate::downloadUpdated(const DownloadItemInfo &info } } -void QQuickWebEngineProfilePrivate::useForGlobalCertificateVerificationChanged() -{ - Q_Q(QQuickWebEngineProfile); - Q_EMIT q->useForGlobalCertificateVerificationChanged(); -} - void QQuickWebEngineProfilePrivate::showNotification(QSharedPointer &controller) { Q_Q(QQuickWebEngineProfile); @@ -798,69 +792,6 @@ bool QQuickWebEngineProfile::isSpellCheckEnabled() const return d->profileAdapter()->isSpellCheckEnabled(); } -/*! - \property QQuickWebEngineProfile::useForGlobalCertificateVerification - \since 5.13 - \obsolete - - This property holds whether this profile is used for downloading and - caching during global certificate verification when using the online - certificate status protocol (OCSP), certificate revokation lists (CRLs), - and authority information access (AIA), for example. - - As long as one profile has this option enabled, all other profiles will be - able to use it for certificate verification. Only one profile at a time can - have this option enabled. It is recommended that the profile has a disk HTTP - cache to avoid needlessly re-downloading. - - By default, no profile has this property enabled. - - Originally only affected Linux/NSS installations, where having a profile with - this role enabled OCSP. - - Since 5.15.3 no longer does anything, and certificate verification is now - done using AIO on the requesting profile. -*/ - -/*! - \qmlproperty bool WebEngineProfile::useForGlobalCertificateVerification - \since QtWebEngine 1.9 - \obsolete - - This property holds whether this profile is used for downloading and - caching during global certificate verification when using the online - certificate status protocol (OCSP), certificate revokation lists (CRLs), - and authority information access (AIA), for example. - - As long as one profile has this option enabled, all other profiles will be - able to use it for certificate verification. Only one profile at a time can - have this option enabled. It is recommended that the profile has a disk HTTP - cache to avoid needlessly re-downloading. - - By default, no profile has this property enabled. - - Originally only affected Linux/NSS installations, where having a profile with - this role enabled OCSP. - - Since 5.15.3 no longer does anything, and certificate verification is now - done using AIO on the requesting profile. -*/ - -void QQuickWebEngineProfile::setUseForGlobalCertificateVerification(bool enable) -{ - Q_D(QQuickWebEngineProfile); - if (enable != d->profileAdapter()->isUsedForGlobalCertificateVerification()) { - d->profileAdapter()->setUseForGlobalCertificateVerification(enable); - emit useForGlobalCertificateVerificationChanged(); - } -} - -bool QQuickWebEngineProfile::isUsedForGlobalCertificateVerification() const -{ - const Q_D(QQuickWebEngineProfile); - return d->profileAdapter()->isUsedForGlobalCertificateVerification(); -} - /*! \qmlproperty string WebEngineProfile::downloadPath \since QtWebEngine 1.9 diff --git a/src/webenginequick/api/qquickwebengineprofile.h b/src/webenginequick/api/qquickwebengineprofile.h index 393bba0ae..5ffcbf442 100644 --- a/src/webenginequick/api/qquickwebengineprofile.h +++ b/src/webenginequick/api/qquickwebengineprofile.h @@ -73,11 +73,6 @@ class Q_WEBENGINE_EXPORT QQuickWebEngineProfile : public QObject { Q_PROPERTY(QStringList spellCheckLanguages READ spellCheckLanguages WRITE setSpellCheckLanguages NOTIFY spellCheckLanguagesChanged FINAL REVISION(1,3)) Q_PROPERTY(bool spellCheckEnabled READ isSpellCheckEnabled WRITE setSpellCheckEnabled NOTIFY spellCheckEnabledChanged FINAL REVISION(1,3)) Q_PROPERTY(QQuickWebEngineScriptCollection *userScripts READ userScripts) - Q_PROPERTY(bool useForGlobalCertificateVerification - READ isUsedForGlobalCertificateVerification - WRITE setUseForGlobalCertificateVerification - NOTIFY useForGlobalCertificateVerificationChanged - FINAL REVISION(1,5)) Q_PROPERTY(QString downloadPath READ downloadPath WRITE setDownloadPath NOTIFY downloadPathChanged FINAL REVISION(1,5)) QML_NAMED_ELEMENT(WebEngineProfile) QML_ADDED_IN_VERSION(1, 1) @@ -147,9 +142,6 @@ public: QQuickWebEngineScriptCollection *userScripts() const; - void setUseForGlobalCertificateVerification(bool b); - bool isUsedForGlobalCertificateVerification() const; - QString downloadPath() const; void setDownloadPath(const QString &path); @@ -169,7 +161,6 @@ Q_SIGNALS: Q_REVISION(1,1) void httpAcceptLanguageChanged(); Q_REVISION(1,3) void spellCheckLanguagesChanged(); Q_REVISION(1,3) void spellCheckEnabledChanged(); - Q_REVISION(1,5) void useForGlobalCertificateVerificationChanged(); Q_REVISION(1,5) void downloadPathChanged(); void downloadRequested(QQuickWebEngineDownloadRequest *download); void downloadFinished(QQuickWebEngineDownloadRequest *download); diff --git a/src/webenginequick/api/qquickwebengineprofile_p.h b/src/webenginequick/api/qquickwebengineprofile_p.h index 8c2b14fda..8e465d876 100644 --- a/src/webenginequick/api/qquickwebengineprofile_p.h +++ b/src/webenginequick/api/qquickwebengineprofile_p.h @@ -86,8 +86,6 @@ public: void downloadRequested(DownloadItemInfo &info) override; void downloadUpdated(const DownloadItemInfo &info) override; - void useForGlobalCertificateVerificationChanged() override; - void showNotification(QSharedPointer &controller) override; private: diff --git a/tests/auto/core/certificateerror/tst_certificateerror.cpp b/tests/auto/core/certificateerror/tst_certificateerror.cpp index 74c7e3bd4..a2b15a1ae 100644 --- a/tests/auto/core/certificateerror/tst_certificateerror.cpp +++ b/tests/auto/core/certificateerror/tst_certificateerror.cpp @@ -30,7 +30,6 @@ #include #include -#include #include #include diff --git a/tests/auto/quick/publicapi/tst_publicapi.cpp b/tests/auto/quick/publicapi/tst_publicapi.cpp index a0db27fab..52e2454af 100644 --- a/tests/auto/quick/publicapi/tst_publicapi.cpp +++ b/tests/auto/quick/publicapi/tst_publicapi.cpp @@ -388,8 +388,6 @@ static const QStringList expectedAPI = QStringList() << "QQuickWebEngineProfile.spellCheckLanguagesChanged() --> void" << "QQuickWebEngineProfile.storageName --> QString" << "QQuickWebEngineProfile.storageNameChanged() --> void" - << "QQuickWebEngineProfile.useForGlobalCertificateVerification --> bool" - << "QQuickWebEngineProfile.useForGlobalCertificateVerificationChanged() --> void" << "QQuickWebEngineProfile.userScripts --> QQuickWebEngineScriptCollection*" << "QQuickWebEngineSettings.AllowAllUnknownUrlSchemes --> UnknownUrlSchemePolicy" << "QQuickWebEngineSettings.AllowUnknownUrlSchemesFromUserInteraction --> UnknownUrlSchemePolicy" diff --git a/tests/auto/quick/qmltests/CMakeLists.txt b/tests/auto/quick/qmltests/CMakeLists.txt index 0d3b973bc..2cbc52f5f 100644 --- a/tests/auto/quick/qmltests/CMakeLists.txt +++ b/tests/auto/quick/qmltests/CMakeLists.txt @@ -38,7 +38,6 @@ set(testList tst_navigationRequested.qml tst_newViewRequest.qml tst_notification.qml - tst_profile.qml tst_properties.qml tst_runJavaScript.qml tst_scrollPosition.qml diff --git a/tests/auto/quick/qmltests/data/tst_certificateError.qml b/tests/auto/quick/qmltests/data/tst_certificateError.qml index dcfd13498..a707f4a74 100644 --- a/tests/auto/quick/qmltests/data/tst_certificateError.qml +++ b/tests/auto/quick/qmltests/data/tst_certificateError.qml @@ -56,7 +56,6 @@ TestWebEngineView { request.sendResponse() }) view.settings.errorPageEnabled = false - view.profile.useForGlobalCertificateVerification = true } function init() { diff --git a/tests/auto/quick/qmltests/data/tst_profile.qml b/tests/auto/quick/qmltests/data/tst_profile.qml deleted file mode 100644 index ee7fa4e99..000000000 --- a/tests/auto/quick/qmltests/data/tst_profile.qml +++ /dev/null @@ -1,66 +0,0 @@ -/**************************************************************************** -** -** Copyright (C) 2018 The Qt Company Ltd. -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the QtWebEngine module of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:GPL-EXCEPT$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 3 as published by the Free Software -** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ - -import QtQuick 2.0 -import QtTest 1.0 -import QtWebEngine 1.9 - -TestWebEngineView { - id: webEngineView - width: 400 - height: 300 - - - WebEngineProfile { - id: profile1 - } - WebEngineProfile { - id: profile2 - } - property bool profile1UsedForGlobalCertificateVerification: profile1.useForGlobalCertificateVerification - - TestCase { - name: "WebEngineProfile" - - function test_useForGlobalCertificateVerification() { - verify(!profile1.useForGlobalCertificateVerification); - verify(!profile2.useForGlobalCertificateVerification); - verify(!webEngineView.profile1UsedForGlobalCertificateVerification); - - profile1.useForGlobalCertificateVerification = true; - verify(profile1.useForGlobalCertificateVerification); - verify(!profile2.useForGlobalCertificateVerification); - verify(webEngineView.profile1UsedForGlobalCertificateVerification); - - profile2.useForGlobalCertificateVerification = true; - verify(!webEngineView.profile1UsedForGlobalCertificateVerification); - verify(!profile1.useForGlobalCertificateVerification); - verify(profile2.useForGlobalCertificateVerification); - } - } -} diff --git a/tests/auto/widgets/qwebengineprofile/tst_qwebengineprofile.cpp b/tests/auto/widgets/qwebengineprofile/tst_qwebengineprofile.cpp index a998d7998..662e7a44f 100644 --- a/tests/auto/widgets/qwebengineprofile/tst_qwebengineprofile.cpp +++ b/tests/auto/widgets/qwebengineprofile/tst_qwebengineprofile.cpp @@ -77,7 +77,6 @@ private Q_SLOTS: void changePersistentPath(); void changeHttpUserAgent(); void changeHttpAcceptLanguage(); - void changeUseForGlobalCertificateVerification(); void changePersistentCookiesPolicy(); void initiator(); void badDeleteOrder(); @@ -912,25 +911,6 @@ void tst_QWebEngineProfile::changeHttpAcceptLanguage() QVERIFY(server.stop()); } -void tst_QWebEngineProfile::changeUseForGlobalCertificateVerification() -{ - TestServer server; - QVERIFY(server.start()); - - // Check that we don't crash - - QWebEngineProfile profile(QStringLiteral("changeUseForGlobalCertifateVerification")); - std::unique_ptr page; - page.reset(new QWebEnginePage(&profile)); - QVERIFY(loadSync(page.get(), server.url("/hedgehog.html"))); - page.reset(); - profile.setUseForGlobalCertificateVerification(true); - page.reset(new QWebEnginePage(&profile)); - QVERIFY(loadSync(page.get(), server.url("/hedgehog.html"))); - // Don't check for error: there can be disconnects during GET hedgehog.png. - (void)server.stop(); -} - void tst_QWebEngineProfile::changePersistentCookiesPolicy() { TestServer server; -- cgit v1.2.3