[ios] Removed CRLSets usage for WKWebView.

SecTrust API is used to make load/no-load decision for certs, while CertVerifier is used to get rejection reason. Using CRLSets to get rejection reason is impractical, because iOS blacklist is very different from Chrome blacklist as well as cost to store CRLSets on disk is very high. BUG=None Review URL: https://codereview.chromium.org/1465513002 Cr-Commit-Position: refs/heads/master@{#361212} (cherry picked from commit c8fa67c) Review URL: https://codereview.chromium.org/1488733002 . Cr-Commit-Position: refs/branch-heads/2564@{#162} Cr-Branched-From: 1283eca-refs/heads/master@{#359700}
crosswalk-project · Nov 30, 2015 · 0a98514 · 0a98514
1 parent 21daec0
commit 0a98514
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/ios/web/net/crw_cert_verification_controller.mm b/ios/web/net/crw_cert_verification_controller.mm
@@ -18,7 +18,6 @@
 #include "ios/web/public/web_thread.h"
 #import "ios/web/web_state/wk_web_view_security_util.h"
 #include "net/cert/cert_verify_result.h"
-#include "net/ssl/ssl_config_service.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_context_getter.h"
 
@@ -430,8 +429,9 @@ - (void)verifyCert:(const scoped_refptr<net::X509Certificate>&)cert
         web::CertVerifierBlockAdapter::Params params(
             blockCert.Pass(), base::SysNSStringToUTF8(host));
         params.flags = self.certVerifyFlags;
-        params.crl_set = net::SSLConfigService::GetCRLSet();
         // OCSP response is not provided by iOS API.
+        // CRLSets are not used, as the OS is used to make load/no-load
+        // decisions, not the CertVerifier.
         _certVerifier->Verify(params, ^(net::CertVerifyResult result, int) {
           completionHandler(result, YES);
         });