cefsharp / CefSharp

.NET (WPF and Windows Forms) bindings for the Chromium Embedded Framework
http://cefsharp.github.io/

OnCertificateError callback issue for Chrome v53 #1880

Closed vzanpure closed 7 years ago

vzanpure commented 8 years ago

Hi,

If I have a CefSharp Chromium Browser WebView in my WPF Windows application, and I load a website, I get an OnCertificateError callback via my RequestHandler implementation.

This issue started happening when I upgraded to CefSharp v53. Is this a known issue? I can open the same website on all other browsers and also on Google Chrome. But, in WPF, the CefSharp library doesn't load the webview.

Does anyone know what caused this issue? Also, the CefErrorCode in the OnCertificateError callback is "-214" (which I didn't see in the CefErrorCode enum in the v53 GitHub branch).

chris-araman commented 8 years ago

There is a time bomb in the Certificate Transparency logs packaged in Chromium 53. This affects builds of Chromium older than 10 weeks. https://codereview.chromium.org/2495583002

CEF made a change to ignore the 10 week expiration by default, but CefSharp 53.0.0 doesn't include this fix. https://bitbucket.org/chromiumembedded/cef/issues/1994/cef-2785-lacks-certificate-transparency

This could be resolved by publishing a new CefSharp 53 release that includes CEF 3.2785.1486.g8c4ba9f or later.

@amaitland, I suspect this issue is going to start generating a lot of noise, as the CT logs in CefSharp 53.0.0 just expired. Let me know if there's anything I can do to help validate a fix.

vzanpure commented 8 years ago

Thanks for the reply! It is unexpected that they would suddenly start imposing after 10 weeks. Any information about why they went down this route of imposing it after 10 weeks?

chris-araman commented 8 years ago

@vzanpure, please read the links I sent. It appears that Chromium is rethinking this time bomb. That's all the information I have.

amaitland commented 8 years ago

> @amaitland, I suspect this issue is going to start generating a lot of noise, as the CT logs in CefSharp 53.0.0 just expired. Let me know if there's anything I can do to help validate a fix.

@chris-araman See #1841

chris-araman commented 7 years ago

Got it, @amaitland.

chris-araman commented 7 years ago

This issue does not appear to affect the master branch of CefSharp, as CEF 3.2883.1539.gd7f087e includes the fix.

Unfortunately for users of CefSharp 53, just dropping the CEF 3.2785.1486.g8c4ba9f binaries in place won't work, as the cef_settings_t and cef_request_context_settings_t structures have been extended.

I have submitted a PR to the cef-binary project in order to generate new cef-redist packages: https://github.com/cefsharp/cef-binary/pull/41

@jornh, you're listed as a maintainer of those NuGet packages. Would you be willing to update the published NuGet packages? https://www.nuget.org/packages/cef.redist.x86/ https://www.nuget.org/packages/cef.redist.x64/

I could then submit a CefSharp 53 PR that points to those packages.

amaitland commented 7 years ago

> @jornh, you're listed as a maintainer of those NuGet packages. Would you be willing to update the published NuGet packages?

@chris-araman Packages are never directly pushed to NuGet; they're uploaded to MyGet first, then tested, and changes made to the main repo. When the CefSharp packages are tagged and generated, everything is then pushed from MyGet. If you are interested in being more involved, I'll make you a contributor to the project and grant your MyGet account access to the feed.

chris-araman commented 7 years ago

Glad to contribute, @amaitland. I'm chrisaraman at nuget.org and chris-araman at myget.org.

amaitland commented 7 years ago

> Glad to contribute, @amaitland. I'm chrisaraman at nuget.org and chris-araman at myget.org.

Great 👍 That should give you enough access to move on this. The MyGet feed is set up to directly push to NuGet.org.

RadarNyan commented 7 years ago

Excuse me if this is off-topic: I'm experiencing an issue where random HTTPS requests are getting "canceled" (e.g. I can open sites like https://global.bing.com/ but I can't open the login page, as some requests are "canceled"). Is it related to this issue, or should I open a separate one?

Spiderpig86 commented 7 years ago

@RadarNyan I will second that issue. Certain websites like Dribbble also couldn't load properly since some JS vars are not resolved.

amaitland commented 7 years ago

@RadarNyan @Spiderpig86 If/when @chris-araman produces a new set of packages you will be able to test the fix. If you are still experiencing a problem after upgrading then you should report the problem at http://magpcss.org/ceforum/

For now I suggest everyone downgrade to 51.0.0 or build your own set of packages (this is open source after all)

kaido42 commented 7 years ago

> or build your own set of packages (this is open source after all)

It works, and the initial problem is fixed with CEF 3.2785.1486.

A little warning though: the build.ps1 in cefsharp/cef-binary expects PowerShell 3.0 or newer (for Invoke-WebRequest) and can mess things up if this is not the case.

amaitland commented 7 years ago

Looks like AppVeyor will build the cef-binary packages; see https://ci.appveyor.com/project/cefsharp/cef-binary/build/53.0.0-CI1

Now time for someone to submit a PR, and update the Changelog.......

rutony commented 7 years ago

How long do we have to wait for an update? This error is really a problem.

amaitland commented 7 years ago

> How long do we have to wait for an update? This error is really a problem.

I have updated the entry on BountySource; if the target is met then I will release a version. If this is not met then you'll just have to downgrade, build your own or wait for someone to resolve this issue.

amaitland commented 7 years ago

As a thank you to those who have kindly pledged funding towards a 55.0.0 (#1893) release, I have released 53.0.1 that references CEF 3.2785.1486. Upgrade and this issue will be resolved.

chris-araman commented 7 years ago

Thanks, @amaitland. I appreciate all of your work on this project, and I'm sure many others do as well. I'm hoping to have more time to contribute in the coming year. Once I've gone through the packaging/validation/release process once, it'll be easier to contribute moving forward.