jaehoony wrote: Hello,
I'm using CEF 3325 and I'm trying to display the certificate information to the users, but I'm not sure what's the best way to go about it.
How can I determine the main certificate to display to users out of the many OnValidateCertificate() calls that get made?
I did notice this chain of events. OnLoadingStateChange() -> *Bunch of redirections* -> OnValidateCertificate() -> OnLoadStart() -> Rest of OnValidateCertificate()
Does CEF guarantee that the first OnValidateCertificate() is the main one and not the ones from the redirections?
And similarly, does it guarantee that the OnValidateCertificate() containing main certificate is called before OnLoadStart()?
Thank you in advance!
I don't think there is a guaranteed order (as far as I know, there isn't one).
Resources can be loaded in any order, be they XHRs, main frames, subframes, JS, images etc.
All of them can have certificates (and not necessarily the same domain as the main frame).
I'm using a custom modified CEF with a CefRequestHandler custom callback - called OnSSLCertificateInfo - and a custom structure - CefSSLCertificateInfo2 - aggregating all sorts of information from net::URLRequest, CefSslInfo, net::ssl_info, response_info, SSL flags, security_bits, and more, while also using the existing CEF callbacks.
Moreover, the certificate info arrives on the IO thread, not on the UI thread, so things are even more complicated, so (for me) the IO thread pumps the cert into a map, which changes status in the UI thread and displays information to the user.
All these accumulate inside a volatile certificate store with the purpose of a "history" of certificates (think of it as a map[CefSSLInfo] = certificate chain inside the volatile store).
This is because - mainly - things are further complicated by cached requests (request->response_info().was_cached inside the various CefNetworkDelegate::OnXXX calls from browser/net/network_delegate.cc), which alter the flow even more. In this case I'm getting the host, common name, url etc. from a previous request to locate the cert chain inside the volatile store.
Not sure if this scenario applies to you (and I'm not sure I was 100% clear either), but, bottom line: I don't think you can rely on a specific order of calls. Sure, it might be so for 95% of websites, but it's the others (and especially the reload/cache) which will give you trouble.
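The store-and-look-up pattern described in the reply above can be sketched without any CEF types. This is an added example, not the poster's code and not a CEF API: `CertRecord`, `CertStore`, `HostOf`, `Record` and `ForMainFrame` are hypothetical names, and it assumes one certificate chain per host is enough to identify what to show the user.

```cpp
#include <map>
#include <mutex>
#include <string>
#include <utility>
#include <vector>

// Hypothetical record; a real one would hold the chain handed to the
// certificate callback.
struct CertRecord {
  std::string subject_cn;
  std::vector<std::string> chain;  // leaf first
};

// Extracts the host from "scheme://host[:port]/path". Deliberately minimal:
// no userinfo or IPv6 literal handling.
std::string HostOf(const std::string& url) {
  std::string::size_type start = url.find("://");
  start = (start == std::string::npos) ? 0 : start + 3;
  std::string::size_type end = url.find_first_of(":/?#", start);
  return url.substr(start, end == std::string::npos ? end : end - start);
}

// Volatile (in-memory) store keyed by host. It is written from the IO thread
// and read from the UI thread, so every access takes the mutex.
class CertStore {
 public:
  // Call from every certificate callback, whatever resource triggered it
  // (redirect hop, subframe, script, image, main frame).
  void Record(const std::string& url, CertRecord rec) {
    std::lock_guard<std::mutex> lock(mu_);
    by_host_[HostOf(url)] = std::move(rec);
  }

  // Call once the main frame's final URL is known. The lookup is by host, so
  // callback order does not matter, and a cached load that triggers no new
  // callback still finds the entry recorded by an earlier request.
  bool ForMainFrame(const std::string& url, CertRecord* out) const {
    std::lock_guard<std::mutex> lock(mu_);
    std::map<std::string, CertRecord>::const_iterator it =
        by_host_.find(HostOf(url));
    if (it == by_host_.end()) return false;
    *out = it->second;
    return true;
  }

 private:
  mutable std::mutex mu_;
  std::map<std::string, CertRecord> by_host_;
};
```

A `false` return means no certificate was ever recorded for that host; the UI should show "unknown" for it and never the most recently seen certificate.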