we have implemented a certificate management, which enables the user to import a certificate (e.g. self-signed) into the user-dependent nssdb. (For information about nssdb: https://chromium.googlesource.com/chrom ... agement.md
Before we updated the used CEF version from 3.2785.1485 to M91 the following workflow works as expected.
1. Navigate a webpage with a self-signed certificate (e.g. https://myhomepage)
2. The RequestHandler::OnCertificateError gets called
2.1 Create a page with informations about the certificate and a button to import the certificate
2.2 Save the callback, load the information page and return true
3. If the user decides to import the certificate, it will be imported into the user-dependent nssdb (~/.pki/nssdb). The used trust attributes are determined in respect of the cef_cert_status_t value.
4. If the certificate was successfully imported, reload the url by executing the saved callback. Before the CEF update this works as expected and the webpage was loaded correctly.
The import of the certificate may result in the following nssdb-entry:
- Code: Select all
# certutil -L -d ~/.pki/nssdb
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
myhomepage P,,
We have done the following tests with https://myhomepage:
chromium loads the url without any problem, as long as the certificate is present in the nssdb. Otherwise it shows an error page.
cefsimple basically shows a blank page.
with CEF version 80.1.15 cefsimple works as expected
Tested also with badssl.com. The difference here is, that cefsimple does nothing when trying to click the "self-signed" button.
After the update it seems that ?CEF? doesn't use the nssdb anymore. Any suggestions?