[solved] OnLoadError instead of OnCertificateError

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.

Re: OnLoadError instead of OnCertificateError on self-signed

Postby magreenblatt » Wed Jun 16, 2021 11:10 am

olzzen wrote:Ok, but this means we have to wait for the pull-request to be accepted and then we must use an unstable CEF-version?

The change has been merged to M91 (current stable) and newer. Builds should be available tomorrow.

Note that OnLoadError will only be called for navigations, whereas OnCertificateError may be called for sub-resource loads. You'll likely need to use a combination of both callbacks to catch all possible SSL-related failure conditions.
magreenblatt
Site Admin
 
Posts: 12383
Joined: Fri May 29, 2009 6:57 pm

Re: OnLoadError instead of OnCertificateError on self-signed

Postby olzzen » Wed Jun 16, 2021 11:22 am

Thanks for your quick reply! We will test the M91 stable version tomorrow. We were not aware that we have to deal with certificate errors in OnLoadError too. In our previous implementation everything works fine. Is there a possibility to store the information about ignored certificates in CEF, like CefIgnoredCertificatesStore?
olzzen
Techie
 
Posts: 46
Joined: Fri Oct 23, 2015 1:01 am

Re: OnLoadError instead of OnCertificateError on self-signed

Postby magreenblatt » Wed Jun 16, 2021 11:32 am

olzzen wrote:Thanks for your quick reply! We will test the M91 stable version tomorrow. We were not aware that we have to deal with certificate errors in OnLoadError too. In our previous implementation everything works fine. Is there a possibility to store the information about ignored certificates in CEF, like CefIgnoredCertificatesStore?

The majority of this functionality is internal to Chromium, so we're limited to the callbacks that are currently available to us.
magreenblatt
Site Admin
 
Posts: 12383
Joined: Fri May 29, 2009 6:57 pm

Re: OnLoadError instead of OnCertificateError on self-signed

Postby magreenblatt » Wed Jun 16, 2021 11:55 am

I created https://bitbucket.org/chromiumembedded/cef/issues/3148 to track test coverage for these APIs.
magreenblatt
Site Admin
 
Posts: 12383
Joined: Fri May 29, 2009 6:57 pm

Re: OnLoadError instead of OnCertificateError on self-signed

Postby olzzen » Thu Jun 17, 2021 6:43 am

We have updated to 91.1.19+ga92e5d5+chromium-91.0.4472.101, and the behaviour hasn't changed. But we have implemented a dirty hack to handle ERR_INSECURE_RESPONSE (-501) in OnLoadError, which seems to work. I can imagine this was already possible with the previous version 90.6...

Our problem is now that we have two Handlers in separate classes, which share a subset of the same data. With all the handlers out there, it's not easy. So we are considering to merge the LoadHandler with the RequestHandler implementation. But this no longer has much to do with maintainability and modularity. We are thinking of an in-app implementation of a certificate store. Any ideas or hints on how this can be implemented with these concepts in mind?
olzzen
Techie
 
Posts: 46
Joined: Fri Oct 23, 2015 1:01 am

Re: OnLoadError instead of OnCertificateError on self-signed

Postby magreenblatt » Thu Jun 17, 2021 8:56 am

Our problem is now that we have two Handlers in separate classes, which share a subset of the same data. With all the handlers out there, it's not easy. So we are considering to merge the LoadHandler with the RequestHandler implementation. But this no longer has much to do with maintainability and modularity.

If you have separate objects for RequestHandler and LoadHandler currently then you can create a 3rd object that manages state related to certificates. That new object can receive delegation from the existing RequestHandler/LoadHandler objects for the specific callbacks that it's interested in while keeping other/unrelated logic in the separate RequestHandler/LoadHandler objects.
magreenblatt
Site Admin
 
Posts: 12383
Joined: Fri May 29, 2009 6:57 pm

Re: OnLoadError instead of OnCertificateError on self-signed

Postby olzzen » Thu Jun 17, 2021 2:07 pm

If you have separate objects for RequestHandler and LoadHandler currently then you can create a 3rd object that manages state related to certificates.


That's what we wanted to accomplish with an in-app certificate store. Ok, that's fine.

If we want to navigate to an URL from within OnLoadError, do we have to do this asynchronously with a CefTask?
olzzen
Techie
 
Posts: 46
Joined: Fri Oct 23, 2015 1:01 am

Re: OnLoadError instead of OnCertificateError on self-signed

Postby amaitland » Thu Jun 17, 2021 2:13 pm

But we have implemented a dirty hack to handle ERR_INSECURE_RESPONSE (-501) in OnLoadError, which seems to work. I can imagine this was already possible with the previous version 90.6...


Version 90 would have only given you an aborted error code for all certificate errors.

You need version 91.1.19 or higher as it includes https://bitbucket.org/chromiumembedded/ ... quests/373
Maintainer of the CefSharp project.
amaitland
Virtuoso
 
Posts: 1290
Joined: Wed Jan 14, 2015 2:35 am

Re: OnLoadError instead of OnCertificateError on self-signed

Postby olzzen » Thu Jun 17, 2021 3:47 pm

From my first post you can see what behaviour we have observed with the cef version 90.6.7:
After upgrading to version 90.6.7, the error handler is no longer being called for our self-signed certificates. Instead the CefLoadHandler::OnLoadError function is called with an error message
Failed to load URL https://.../index.html with error ERR_INSECURE_RESPONSE (-501).

.
Same behaviour could be observed when using cefsimple with the URL.


But thanks, we already updated cef...
We have updated to 91.1.19+ga92e5d5+chromium-91.0.4472.101, ...


Our current question is, if we want to navigate to an URL from within OnLoadError, do we have to do this asynchronously with a CefTask? As there is no callback within OnLoadError we wonder if we can simply call CefFrame::LoadURL on the given CefFrame object?
olzzen
Techie
 
Posts: 46
Joined: Fri Oct 23, 2015 1:01 am

Re: OnLoadError instead of OnCertificateError on self-signed

Postby magreenblatt » Thu Jun 17, 2021 3:56 pm

olzzen wrote:Our current question is, if we want to navigate to an URL from within OnLoadError, do we have to do this asynchronously with a CefTask? As there is no callback within OnLoadError we wonder if we can simply call CefFrame::LoadURL on the given CefFrame object?

Yes, you can navigate from OnLoadError for the main frame. For sub-frames more work may be required (depending on how the DOM is constructed).
magreenblatt
Site Admin
 
Posts: 12383
Joined: Fri May 29, 2009 6:57 pm

PreviousNext

Return to Support Forum

Who is online

Users browsing this forum: ndesktop and 43 guests