authorrsleevi <rsleevi@chromium.org>2015-10-21 17:08:12 -0700
committerCommit bot <commit-bot@chromium.org>2015-10-22 00:08:47 +0000
commitb4bbc58c243815e156cd4955049594f7e9512108 (patch)
tree2d99f28c99dc62d86be38736eb40e0cdb87dd641
parent52205347b9d084cedb0ee67a69967eac81254413 (diff)
Revert of Add OCSP stapling support to OS X (patchset #7 id:120001 of https://codereview.chromium.org/1392883004/ )
Reason for revert: Turns out Apple added this API and then forgot to do anything with it; the response is copied, but never inspected by the OS. Since we can't test what isn't supported (separate CL), just revert. Original issue's description: > Add OCSP stapling support to OS X > > OS X has supported stapling OCSP responses to the SecTrust via the > public, but not well documented, SecTrustSetOCSPResponse. > > BUG=430714 > > Committed: https://crrev.com/6abd14cf682e7b839d293e3bd75e38336c906357 > Cr-Commit-Position: refs/heads/master@{#355213} TBR=rsesek@chromium.org,mattm@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=430714 Review URL: https://codereview.chromium.org/1420843003 Cr-Commit-Position: refs/heads/master@{#355446}
-rw-r--r--net/cert/cert_verify_proc_mac.cc32
1 files changed, 6 insertions, 26 deletions
diff --git a/net/cert/cert_verify_proc_mac.cc b/net/cert/cert_verify_proc_mac.cc
index 8c0bddd..c0eb068 100644
--- a/net/cert/cert_verify_proc_mac.cc
+++ b/net/cert/cert_verify_proc_mac.cc
@@ -13,7 +13,6 @@
#include "base/logging.h"
#include "base/mac/mac_logging.h"
-#include "base/mac/mac_util.h"
#include "base/mac/scoped_cftyperef.h"
#include "base/sha1.h"
#include "base/strings/string_piece.h"
@@ -39,12 +38,6 @@
using base::ScopedCFTypeRef;
-extern "C" {
-// Declared in <Security/SecTrust.h>, available in 10.9+
-OSStatus SecTrustSetOCSPResponse(SecTrustRef, CFTypeRef)
- __attribute__((weak_import));
-} // extern "C"
-
namespace net {
namespace {
@@ -387,7 +380,6 @@ bool IsIssuedByKnownRoot(CFArrayRef chain) {
// held.
int BuildAndEvaluateSecTrustRef(CFArrayRef cert_array,
CFArrayRef trust_policies,
- const std::string& ocsp_response,
int flags,
ScopedCFTypeRef<SecTrustRef>* trust_ref,
SecTrustResultType* trust_result,
@@ -451,20 +443,6 @@ int BuildAndEvaluateSecTrustRef(CFArrayRef cert_array,
if (status)
return NetErrorFromOSStatus(status);
- // Copy the stapled OCSP data; for EV certs, this can avoid an online
- // revocation check, as OS X force-enables revocation checking for EV.
- if (&SecTrustSetOCSPResponse != nullptr) {
- ScopedCFTypeRef<CFDataRef> ocsp_data(
- CFDataCreate(kCFAllocatorDefault,
- reinterpret_cast<const UInt8*>(ocsp_response.data()),
- ocsp_response.size()));
- if (ocsp_data) {
- status = SecTrustSetOCSPResponse(tmp_trust, ocsp_data);
- if (status)
- return NetErrorFromOSStatus(status);
- }
- }
-
// Verify the certificate. A non-zero result from SecTrustGetResult()
// indicates that some fatal error occurred and the chain couldn't be
// processed, not that the chain contains no errors. We need to examine the
@@ -499,7 +477,9 @@ bool CertVerifyProcMac::SupportsAdditionalTrustAnchors() const {
}
bool CertVerifyProcMac::SupportsOCSPStapling() const {
- return base::mac::IsOSMavericksOrLater();
+ // TODO(rsleevi): Plumb an OCSP response into the Mac system library.
+ // https://crbug.com/430714
+ return false;
}
int CertVerifyProcMac::VerifyInternal(
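Review bot: The TODO added in `SupportsOCSPStapling()` does not say why stapling is reported as unsupported; only the commit message records that SecTrustSetOCSPResponse copies the stapled response and the OS never inspects it. I would put that in the comment so the call is not reintroduced on the assumption that it has an effect, e.g. `// SecTrustSetOCSPResponse() stores the response but the OS never evaluates it, so a stapled response gives no revocation information here.` above the TODO. The removed comment in `BuildAndEvaluateSecTrustRef` said OS X force-enables revocation checking for EV, so with this returning false EV verification presumably relies on the online check again; a line saying so would help whoever picks up the bug. In the last hunk `ocsp_response` is no longer passed to `BuildAndEvaluateSecTrustRef`; if it is still a parameter of `VerifyInternal` (the signature lies outside the hunk), a short comment there that it is deliberately ignored on Mac would avoid the impression of an oversight.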
@@ -585,9 +565,9 @@ int CertVerifyProcMac::VerifyInternal(
ScopedCFTypeRef<CFArrayRef> temp_chain;
CSSM_TP_APPLE_EVIDENCE_INFO* temp_chain_info = NULL;
- int rv = BuildAndEvaluateSecTrustRef(
- cert_array, trust_policies, ocsp_response, flags, &temp_ref,
- &temp_trust_result, &temp_chain, &temp_chain_info);
+ int rv = BuildAndEvaluateSecTrustRef(cert_array, trust_policies, flags,
+ &temp_ref, &temp_trust_result,
+ &temp_chain, &temp_chain_info);
if (rv != OK)
return rv;