We have a customer who is having problem with certificate transparency (CT) in our CEF product.
They tried using chrome 56 and still saw the CT warning. Then we ask them to use 'CertificateTransparencyEnforcementDisabledForUrls' registry setting as described here http://www.chromium.org/administrators/ ... ledForUrls and everything worked fine.
So few questions:
1. Does this mechanism work in CEF: http://www.chromium.org/administrators/ ... ledForUrls ? If so, how?
2. If not, how can we disable CT checking for urls or altogether?
Our current build of CEF is from this githash: https://bitbucket.org/chromiumembedded/ ... e5?at=2883 which is 3.2883.1539.gd7f087e
FYI, did see this other discussion https://bitbucket.org/chromiumembedded/ ... ansparency and tried add command line flag --enable-net-security-expiration=false but it no effect.
Thanks.
Chromium Embedded Framework Forum
Forum for support and discussion of the Chromium Embedded Framework (CEF)
Visit the CEF Project Site to download CEF and report issues.
certificate transparency problem
3 posts
• Page 1 of 1
certificate transparency problem
by lneir » Tue Feb 21, 2017 3:20 pm
- lneir
- Newbie
- Posts: 7
- Joined: Fri Dec 19, 2014 5:55 pm
Re: certificate transparency problem
by magreenblatt » Tue Feb 21, 2017 3:31 pm
CT expiration based on build age is disabled in https://bitbucket.org/chromiumembedded/ ... ansparency and you do not need to pass any command-line flags for that behavior. CT checking in general is still enabled. You can use CefRequestHandler::OnCertificateError to allow invalid certificates.
- magreenblatt
- Site Admin
- Posts: 12409
- Joined: Fri May 29, 2009 6:57 pm
Re: certificate transparency problem
by lneir » Tue Feb 21, 2017 8:56 pm
thanks, yes i did find a hook in that callback where i can detect CT errors.
- lneir
- Newbie
- Posts: 7
- Joined: Fri Dec 19, 2014 5:55 pm
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 31 guests