Chromium Embedded Framework Forum

Forum for support and discussion of the Chromium Embedded Framework (CEF)
Visit the CEF Project Site to download CEF and report issues.

Skip to content

Problem with OnSelectClientCertificate since 117.0.5938

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.
Forum rules
Post a reply

Problem with OnSelectClientCertificate since 117.0.5938

Postby samohtt » Thu Oct 26, 2023 10:53 am

Based on the documentation of OnSelectClientCertificate it is valid to simply return false to get the default behavior (first certificate will be selected automatically).
As there was no need in the past to show a certificate selection dialog, we just implemented "return false;"
This worked very well in all scenarios.

But when we switched from v116 to v117 a few weeks ago, we had big troubles on our test machines (VM). When we try to logon to some servers using a simple HTTPs URL it just freezes and get stuck after the OnBeforeResourceLoad callback. Nothing happens anymore.
Sometimes the logon screen came up after 10 sec., sometimes we have to wait for minutes before the server response finally happens.
The problem was not reproducible with cefclient and also not with the CefSharp example.

I had a hard time to figure this out, but it seems to be a problem with the OnSelectClientCertificate if the server asks for a client certificate, but on the client machine is no certificate available which fits to the given host. If I return false in this case it seems to have a problem with handling this since v117 (it worked all the years on the test machines without any certificates).

Later I have found why it worked with cefclient and also the CefSharp example. In both test clients there is per default a certificate handling implemented which never calls return false, like in my code. I have tested with the CefSharp example by removing the sample code and had the same effect.
My workaround is now to check the count of the given X509CertificateList. If this is 0, I do callback->Select(nullptr); return true. If it is gt 0 i still return false.

Are there any thoughts on this ? Is this maybe a known bug or changed behavior in Chromium core or are there any changes made in CEF which could have changed the behavior ?
samohtt
Techie
 
Posts: 20
Joined: Tue Jul 24, 2018 11:32 am
Top

Re: Problem with OnSelectClientCertificate since 117.0.5938

Postby magreenblatt » Thu Oct 26, 2023 11:03 am

My workaround is now to check the count of the given X509CertificateList. If this is 0, I do callback->Select(nullptr); return true. If it is gt 0 i still return false.

Are there any thoughts on this ?

Sounds like a bug. Please add a new issue at https://github.com/chromiumembedded/cef/issues
magreenblatt
Site Admin
 
Posts: 12409
Joined: Fri May 29, 2009 6:57 pm
Top
Post a reply

Return to Support Forum

Who is online

Users browsing this forum: W3C [Validator] and 205 guests

Powered by phpBB® Forum Software © phpBB Group