OnLoadError Aborted for Invalid SSL certificate

Do not post support requests, bug reports or feature requests. Discuss CEF here. Non-CEF related discussion goes in General Discussion!

OnLoadError Aborted for Invalid SSL certificate

Postby amaitland » Thu Jun 03, 2021 5:02 pm

When loading a webpage with an invalid SSL certificate one from https://badssl.com
for example, OnLoadError is called with Aborted rather than the actual certificate error.

This appears to be a result of exacting the callback with CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL

https://github.com/chromiumembedded/cef ... nt.cc#L883

https://source.chromium.org/chromium/ch ... s=chromium

Code: Select all
  // Cancels the request synchronously using a net::ERR_ABORTED.
  CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL,

  // Denies the request synchronously using the certificate error code that was
  // encountered.
  CERTIFICATE_REQUEST_RESULT_TYPE_DENY,


The chromium source seems to suggest using CERTIFICATE_REQUEST_RESULT_TYPE_DENY would use the certificate error code.

Thoughts on changing CEF to use CERTIFICATE_REQUEST_RESULT_TYPE_DENY?
Maintainer of the CefSharp project.
amaitland
Master
 
Posts: 958
Joined: Wed Jan 14, 2015 2:35 am

Re: OnLoadError Aborted for Invalid SSL certificate

Postby magreenblatt » Thu Jun 03, 2021 7:26 pm

Sounds reasonable. Please add a bug / submit a PR.
magreenblatt
Site Admin
 
Posts: 10920
Joined: Fri May 29, 2009 6:57 pm

Re: OnLoadError Aborted for Invalid SSL certificate

Postby amaitland » Thu Jun 03, 2021 10:03 pm

I've created https://bitbucket.org/chromiumembedded/ ... ertificate

Would you like an issue created also?
Maintainer of the CefSharp project.
amaitland
Master
 
Posts: 958
Joined: Wed Jan 14, 2015 2:35 am

Re: OnLoadError Aborted for Invalid SSL certificate

Postby magreenblatt » Thu Jun 03, 2021 10:22 pm

Thanks, the PR is enough. With this change does it behave as expected (correct error code) in your testing?
magreenblatt
Site Admin
 
Posts: 10920
Joined: Fri May 29, 2009 6:57 pm

Re: OnLoadError Aborted for Invalid SSL certificate

Postby amaitland » Thu Jun 03, 2021 10:57 pm

I'll let you know when I've got a successful master build happening :)
Maintainer of the CefSharp project.
amaitland
Master
 
Posts: 958
Joined: Wed Jan 14, 2015 2:35 am

Re: OnLoadError Aborted for Invalid SSL certificate

Postby amaitland » Sat Jun 12, 2021 5:08 am

I now get an ERR_CERT_DATE_INVALID (-201) when I load https://expired.badssl.com/ using cefclient

I commented out the OnCertificateError call to LoadErrorPage so OnLoadError is called.

I'll try updating again to grab the latest changes, I know you've updated to version 92 recently.
Maintainer of the CefSharp project.
amaitland
Master
 
Posts: 958
Joined: Wed Jan 14, 2015 2:35 am

Re: OnLoadError Aborted for Invalid SSL certificate

Postby amaitland » Sun Jun 13, 2021 12:25 am

Testing against commit https://bitbucket.org/chromiumembedded/ ... a008fe7647

Working as expected with the added bonus in OnLoadError I can now get the invalid certificate from the visible nav entry.

Code: Select all
void ClientHandler::OnLoadError(CefRefPtr<CefBrowser> browser,
                                CefRefPtr<CefFrame> frame,
                                ErrorCode errorCode,
                                const CefString& errorText,
                                const CefString& failedUrl) {
  CEF_REQUIRE_UI_THREAD();

  // Don't display an error for downloaded files.
  if (errorCode == ERR_ABORTED)
    return;

  // Don't display an error for external protocols that we allow the OS to
  // handle. See OnProtocolExecution().
  if (errorCode == ERR_UNKNOWN_URL_SCHEME) {
    std::string urlStr = frame->GetURL();
    if (urlStr.find("spotify:") == 0)
      return;
  }
 
  if (errorCode == ERR_CERT_DATE_INVALID) {
    CefRefPtr<CefX509Certificate> cert = browser->GetHost()->GetVisibleNavigationEntry()->GetSSLStatus()->GetX509Certificate();
     if (cert.get()) {
      LoadErrorPage(frame, failedUrl, errorCode, GetCertificateInformation(cert, browser->GetHost()->GetVisibleNavigationEntry()->GetSSLStatus()->GetCertStatus()));
      
      return;
   }
  }

  // Load the error page.
  LoadErrorPage(frame, failedUrl, errorCode, errorText);
}


I also tested the callback with an inline call and return true which also works as expected.

Code: Select all
callback->Continue(false);
return true;
Maintainer of the CefSharp project.
amaitland
Master
 
Posts: 958
Joined: Wed Jan 14, 2015 2:35 am


Return to CEF Discussion

Who is online

Users browsing this forum: No registered users and 6 guests