Chromium Embedded Framework Forum

[DarthCoder]

I was playing around with the CefClient sample app and noticed that when opening HTTPS sites with bad security certificates, the client is simply ignoring the certificate errors and proceeds loading the site. I think this is bad behavior and defeats the purpose of using certificates for secure connections. Ideally the client should tell the user in some way that there is a certificate error and proceed loading only if the user wants to. This is what most browsers including chrome do.

Is there any way to control the same when embedding chromium using Cef in our application? i.e We would like to prompt the user (with our own UI) for his decision and proceed to open the site only if the user chooses to. Is there any callback system already implemented for the same or do I need to dig into chromium code for the same?

[magreenblatt]

See OnSSLCertificateError() in libcef/browser_resource_loader_bridge.cc and related comments in net/url_request/url_request.h. It would be perfectly reasonable to add a CefRequestHandler callback for this. Please add a new issue to the CEF issue tracker.

[jfagan]

I am currently trying to work out how best to add the callback into the CEF3 trunk code, but it is proving to be trickier than first thought.

My current train of thought is to add something like

Code: Select all

virtual void OnSSLError(CefRefPtr<CefRequest> request, CefRefPtr<CefSslInfo> ssl_info)

to cef_resource_handler.h, but it looks like CefSslInfo would need to be created? Am I barking up the wrong tree, any pointers to where things should be created and placed would be great, I'll send you a patch when done.