QSslSocket: Deprecate add[Default]CaCertificate[s]

As a separation of concerns the QSslSocket should not be dealing what is
QSslConfiguration's job. The other related functions
(e.g. setCaCertificates) was deprecated in Qt 5.5.

Change-Id: I3f214148adc5270ae651d0b27d83fe374b1516b8
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>

src/network/ssl/qsslsocket.cpp

@@ -139,10 +139,21 @@
     before the handshake phase with setLocalCertificate() and
     setPrivateKey().
     \li The CA certificate database can be extended and customized with
-    addCaCertificate(), addCaCertificates(), addDefaultCaCertificate(),
-    addDefaultCaCertificates(), and QSslConfiguration::defaultConfiguration().setCaCertificates().
+    QSslConfiguration::addCaCertificate(),
+    QSslConfiguration::addCaCertificates().
     \endlist
 
+    To extend the list of \e default CA certificates used by the SSL sockets
+    during the SSL handshake you must update the default configuration, as
+    in the snippet below:
+
+    \code
+        QList<QSslCertificate> certificates = getCertificates();
+        QSslConfiguration configuration = QSslConfiguration::defaultConfiguration();
+        configuration.addCaCertificates(certificates);
+        QSslConfiguration::setDefaultConfiguration(configuration);
+    \endcode
+
     \note If available, root certificates on Unix (excluding \macos) will be
     loaded on demand from the standard certificate directories. If you do not
     want to load root certificates on demand, you need to call either
@@ -1384,6 +1395,10 @@ QList<QSslCipher> QSslSocket::supportedCiphers()
 #endif  // #if QT_DEPRECATED_SINCE(5, 5)
 
 /*!
+  \deprecated
+
+  Use QSslConfiguration::addCaCertificates() instead.
+
   Searches all files in the \a path for certificates encoded in the
   specified \a format and adds them to this socket's CA certificate
   database. \a path must be a file or a pattern matching one or more
@@ -1411,6 +1426,10 @@ bool QSslSocket::addCaCertificates(const QString &path, QSsl::EncodingFormat for
 }
 
 /*!
+  \deprecated
+
+  Use QSslConfiguration::addCaCertificate() instead.
+
   Adds the \a certificate to this socket's CA certificate database.
   The CA certificate database is used by the socket during the
   handshake phase to validate the peer's certificate.
@@ -1427,6 +1446,10 @@ void QSslSocket::addCaCertificate(const QSslCertificate &certificate)
 }
 
 /*!
+  \deprecated
+
+  Use QSslConfiguration::addCaCertificates() instead.
+
   Adds the \a certificates to this socket's CA certificate database.
   The CA certificate database is used by the socket during the
   handshake phase to validate the peer's certificate.
@@ -1489,6 +1512,10 @@ QList<QSslCertificate> QSslSocket::caCertificates() const
 #endif  // #if QT_DEPRECATED_SINCE(5, 5)
 
 /*!
+    \deprecated
+
+    Use QSslConfiguration::addCaCertificates() on the default QSslConfiguration instead.
+
     Searches all files in the \a path for certificates with the
     specified \a encoding and adds them to the default CA certificate
     database. \a path can be an explicit file, or it can contain
@@ -1498,8 +1525,8 @@ QList<QSslCertificate> QSslSocket::caCertificates() const
     Each SSL socket's CA certificate database is initialized to the
     default CA certificate database.
 
-    \sa QSslConfiguration::caCertificates(), addCaCertificates(),
-        addDefaultCaCertificate()
+    \sa QSslConfiguration::caCertificates(), QSslConfiguration::addCaCertificates(),
+        QSslConfiguration::addDefaultCaCertificate()
 */
 bool QSslSocket::addDefaultCaCertificates(const QString &path, QSsl::EncodingFormat encoding,
                                           QRegExp::PatternSyntax syntax)
@@ -1508,11 +1535,15 @@ bool QSslSocket::addDefaultCaCertificates(const QString &path, QSsl::EncodingFor
 }
 
 /*!
+    \deprecated
+
+    Use QSslConfiguration::addCaCertificate() on the default QSslConfiguration instead.
+
     Adds \a certificate to the default CA certificate database.  Each
     SSL socket's CA certificate database is initialized to the default
     CA certificate database.
 
-    \sa QSslConfiguration::caCertificates(), addCaCertificates()
+    \sa QSslConfiguration::caCertificates(), QSslConfiguration::addCaCertificates()
 */
 void QSslSocket::addDefaultCaCertificate(const QSslCertificate &certificate)
 {
@@ -1520,11 +1551,15 @@ void QSslSocket::addDefaultCaCertificate(const QSslCertificate &certificate)
 }
 
 /*!
+    \deprecated
+
+    Use QSslConfiguration::addCaCertificates() on the default QSslConfiguration instead.
+
     Adds \a certificates to the default CA certificate database.  Each
     SSL socket's CA certificate database is initialized to the default
     CA certificate database.
 
-    \sa QSslConfiguration::caCertificates(), addCaCertificates()
+    \sa QSslConfiguration::caCertificates(), QSslConfiguration::addCaCertificates()
 */
 void QSslSocket::addDefaultCaCertificates(const QList<QSslCertificate> &certificates)
 {

src/network/ssl/qsslsocket.h

@@ -164,18 +164,22 @@ public:
 #endif // QT_DEPRECATED_SINCE(5, 5)
 
     // CA settings.
-    bool addCaCertificates(const QString &path, QSsl::EncodingFormat format = QSsl::Pem,
+#if QT_DEPRECATED_SINCE(5, 15)
+    QT_DEPRECATED_X("Use QSslConfiguration::addCaCertificates()") bool addCaCertificates(const QString &path, QSsl::EncodingFormat format = QSsl::Pem,
                            QRegExp::PatternSyntax syntax = QRegExp::FixedString);
-    void addCaCertificate(const QSslCertificate &certificate);
-    void addCaCertificates(const QList<QSslCertificate> &certificates);
+    QT_DEPRECATED_X("Use QSslConfiguration::addCaCertificate()") void addCaCertificate(const QSslCertificate &certificate);
+    QT_DEPRECATED_X("Use QSslConfiguration::addCaCertificates()") void addCaCertificates(const QList<QSslCertificate> &certificates);
+#endif // QT_DEPRECATED_SINCE(5, 15)
 #if QT_DEPRECATED_SINCE(5, 5)
     QT_DEPRECATED_X("Use QSslConfiguration::setCaCertificates()") void setCaCertificates(const QList<QSslCertificate> &certificates);
     QT_DEPRECATED_X("Use QSslConfiguration::caCertificates()") QList<QSslCertificate> caCertificates() const;
 #endif // QT_DEPRECATED_SINCE(5, 5)
-    static bool addDefaultCaCertificates(const QString &path, QSsl::EncodingFormat format = QSsl::Pem,
+#if QT_DEPRECATED_SINCE(5, 15)
+    QT_DEPRECATED static bool addDefaultCaCertificates(const QString &path, QSsl::EncodingFormat format = QSsl::Pem,
                                          QRegExp::PatternSyntax syntax = QRegExp::FixedString);
-    static void addDefaultCaCertificate(const QSslCertificate &certificate);
-    static void addDefaultCaCertificates(const QList<QSslCertificate> &certificates);
+    QT_DEPRECATED static void addDefaultCaCertificate(const QSslCertificate &certificate);
+    QT_DEPRECATED static void addDefaultCaCertificates(const QList<QSslCertificate> &certificates);
+#endif // QT_DEPRECATED_SINCE(5, 15)
 #if QT_DEPRECATED_SINCE(5, 5)
     QT_DEPRECATED static void setDefaultCaCertificates(const QList<QSslCertificate> &certificates);
     QT_DEPRECATED static QList<QSslCertificate> defaultCaCertificates();