Based on the documentation of OnSelectClientCertificate it is valid to simply return false to get the default behavior (first certificate will be selected automatically).
As there was no need in the past to show a certificate selection dialog, we just implemented "return false;"
This worked very well in all scenarios.
But when we switched from v116 to v117 a few weeks ago, we had big troubles on our test machines (VM). When we try to logon to some servers using a simple HTTPs URL it just freezes and get stuck after the OnBeforeResourceLoad callback. Nothing happens anymore.
Sometimes the logon screen came up after 10 sec., sometimes we have to wait for minutes before the server response finally happens.
The problem was not reproducible with cefclient and also not with the CefSharp example.
I had a hard time to figure this out, but it seems to be a problem with the OnSelectClientCertificate if the server asks for a client certificate, but on the client machine is no certificate available which fits to the given host. If I return false in this case it seems to have a problem with handling this since v117 (it worked all the years on the test machines without any certificates).
Later I have found why it worked with cefclient and also the CefSharp example. In both test clients there is per default a certificate handling implemented which never calls return false, like in my code. I have tested with the CefSharp example by removing the sample code and had the same effect.
My workaround is now to check the count of the given X509CertificateList. If this is 0, I do callback->Select(nullptr); return true. If it is gt 0 i still return false.
Are there any thoughts on this ? Is this maybe a known bug or changed behavior in Chromium core or are there any changes made in CEF which could have changed the behavior ?