For some reason CERT_STATUS_PINNED_KEY_MISSING is not fired.
"Show SSL Information" from the contextual menu also does not show Status error (in fact, it does not show any status).
Chrome blocks the page and displays
- Code: Select all
Your connection is not private
Attackers might be trying to steal your information from pinning-test.badssl.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN
Is there any option/custom modification in CEF/Chromium source code that might help to catch this?
I've placed breakpoints in all ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN places I could find in CEF 3282 (I know, deprecated) but no stop.
The page displays in cefclient
"This site is preloaded with a bad HPKP pin starting in Chrome 48."
so I don't think is 3282 related.