Remove ignore_certificate_errors setting (fixes issue #2899)

This removes CefSettings.ignore_certificate_errors and
CefBrowserSettings.ignore_certificate_errors. Due to NetworkService
requirements these values must now be configured globally via the
"ignore-certificate-errors" command-line flag.

include/cef_api_hash.h

@@ -42,13 +42,13 @@
 // way that may cause binary incompatibility with other builds. The universal
 // hash value will change if any platform is affected whereas the platform hash
 // values will change only if that particular platform is affected.
-#define CEF_API_HASH_UNIVERSAL "e73c0d9d941ac8976074cdbe19e7e0b3acc2760e"
+#define CEF_API_HASH_UNIVERSAL "21ac25aebdb49a8e8088c6fbee802b04fd07b501"
 #if defined(OS_WIN)
-#define CEF_API_HASH_PLATFORM "89b87efd9b49e2a5c662445c054f199e751f1aaa"
+#define CEF_API_HASH_PLATFORM "1d81ccb5ba2f6d658abde2faeb490c8f7f6a60fe"
 #elif defined(OS_MAC)
-#define CEF_API_HASH_PLATFORM "9c8b78a5a20443625c1e4be8e2ca106be3e741d7"
+#define CEF_API_HASH_PLATFORM "d6bd1ab64a160962ee0306625da5dd2a0cae8b31"
 #elif defined(OS_LINUX)
-#define CEF_API_HASH_PLATFORM "83056bb4a1d078cf7847a5d2ab10435e598e788d"
+#define CEF_API_HASH_PLATFORM "0b5227787444955a548b7544b2cdcda95a354506"
 #endif
 
 #ifdef __cplusplus

include/internal/cef_types.h

@@ -390,17 +390,6 @@ typedef struct _cef_settings_t {
   ///
   int uncaught_exception_stack_size;
 
-  ///
-  // Set to true (1) to ignore errors related to invalid SSL certificates.
-  // Enabling this setting can lead to potential security vulnerabilities like
-  // "man in the middle" attacks. Applications that load content from the
-  // internet should not enable this setting. Also configurable using the
-  // "ignore-certificate-errors" command-line switch. Can be overridden for
-  // individual CefRequestContext instances via the
-  // CefRequestContextSettings.ignore_certificate_errors value.
-  ///
-  int ignore_certificate_errors;
-
   ///
   // Background color used for the browser before a document is loaded and when
   // no document color is specified. The alpha component must be either fully
@@ -486,16 +475,6 @@ typedef struct _cef_request_context_settings_t {
   ///
   int persist_user_preferences;
 
-  ///
-  // Set to true (1) to ignore errors related to invalid SSL certificates.
-  // Enabling this setting can lead to potential security vulnerabilities like
-  // "man in the middle" attacks. Applications that load content from the
-  // internet should not enable this setting. Can be set globally using the
-  // CefSettings.ignore_certificate_errors value. This value will be ignored if
-  // |cache_path| matches the CefSettings.cache_path value.
-  ///
-  int ignore_certificate_errors;
-
   ///
   // Comma delimited ordered list of language codes without any whitespace that
   // will be used in the "Accept-Language" HTTP header. Can be set globally

include/internal/cef_types_wrappers.h

@@ -594,7 +594,6 @@ struct CefSettingsTraits {
     target->pack_loading_disabled = src->pack_loading_disabled;
     target->remote_debugging_port = src->remote_debugging_port;
     target->uncaught_exception_stack_size = src->uncaught_exception_stack_size;
-    target->ignore_certificate_errors = src->ignore_certificate_errors;
     target->background_color = src->background_color;
 
     cef_string_set(src->accept_language_list.str,
@@ -636,7 +635,6 @@ struct CefRequestContextSettingsTraits {
                    &target->cache_path, copy);
     target->persist_session_cookies = src->persist_session_cookies;
     target->persist_user_preferences = src->persist_user_preferences;
-    target->ignore_certificate_errors = src->ignore_certificate_errors;
     cef_string_set(src->accept_language_list.str,
                    src->accept_language_list.length,
                    &target->accept_language_list, copy);

libcef/browser/context.cc

@@ -434,9 +434,6 @@ void CefContext::PopulateGlobalRequestContextSettings(
   settings->persist_user_preferences =
       settings_.persist_user_preferences ||
       command_line->HasSwitch(switches::kPersistUserPreferences);
-  settings->ignore_certificate_errors =
-      settings_.ignore_certificate_errors ||
-      command_line->HasSwitch(switches::kIgnoreCertificateErrors);
 
   CefString(&settings->cookieable_schemes_list) =
       CefString(&settings_.cookieable_schemes_list);