SSL_CLIENT_AUTH_CERT_NEEDED after redirect to different port

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.

SSL_CLIENT_AUTH_CERT_NEEDED after redirect to different port

Postby samohtt » Tue Jun 08, 2021 1:50 pm

Hi,

one of our customers reported a problem in his system landscape which occurs since version 90.0.4430.93

He has maintained a port redirect from https://example.com:44140 to https://example.com:8153 to load balance the server requests.
With older CEF/Chromium versions the first request returns with a 307 and location https://example.com:8153. Then a second response contains a 401 status (unauthorized) and then the browser automatically handles the final handshake and he receives a third and final response with the correct URL/port and the page is loaded successfully.

Now, with CEF/Chromium version 90.0.4430.93 the third and final response does not happen anymore and the page is not loaded. It just skips with the second 401 status and in the trace I can see that the browser fires an OnLoadError with error code -110 SSL_CLIENT_AUTH_CERT_NEEDED.
A reload of the page with (F5/CTRL+R) triggers the final step and afterwards the page is successfully loaded. But this is only a manual workaround, which is not acceptable.

As this still works fine with CEF/Chromium 89.0.4389.90 and Google Chrome on customers machine it seems that there is something wrong with the current CEF version.
It sounds similar to viewtopic.php?f=6&t=18321, but in our case it has nothing to do with CORS. It's a same-origin main request/redirect. But maybe there is a generic problem with the SSL handshake after a 401/407 response.

I have currently no reproducible example on a public server, but we try to test with cefclient (89,90 and 91 Beta) on the customers machine and maybe get some network trace.
Is this a known problem ? Does anyone have an idea how to solve this, or should I open an issue without reproducible example ?

Thanks,
Thomas
samohtt
Techie
 
Posts: 20
Joined: Tue Jul 24, 2018 11:32 am

Re: SSL_CLIENT_AUTH_CERT_NEEDED after redirect to different

Postby magreenblatt » Tue Jun 08, 2021 2:31 pm

If the problem is not resolved in 91 please add an issue with a reproducible (and publicly available) example. Thanks.
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm

Re: SSL_CLIENT_AUTH_CERT_NEEDED after redirect to different

Postby cphelan » Mon Oct 25, 2021 10:52 am

Hi,

I just logged
https://bitbucket.org/chromiumembedded/ ... -fail-with

which contains a publicly reproducible test case.
cphelan
Newbie
 
Posts: 1
Joined: Mon Oct 25, 2021 7:29 am

Re: SSL_CLIENT_AUTH_CERT_NEEDED after redirect to different

Postby magreenblatt » Mon Oct 25, 2021 12:01 pm

cphelan wrote:Hi,

I just logged
https://bitbucket.org/chromiumembedded/ ... -fail-with

which contains a publicly reproducible test case.

Thanks.
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm


Return to Support Forum

Who is online

Users browsing this forum: Google [Bot] and 53 guests