How to enable caching with SSL certificate errors?

[Czarek Tomczak]

Hello,

Since Chromium 15 caching is disabled when there is certificate error of any kind. There is an issue in the tracker that explains reasons for that:

"Need to test that caching is disabled with certificate errors."

https://code.google.com/p/chromium/issues/detail?id=103875

I'm using Chromium Embedded Framework (CEF) in custom application and using self-signed certificates on private networks. This is quite a big issue for us to have this fixed.

Could someone explain on how to enable caching, or at least give a hint on where to start looking? I've already asked Marshall Greenblatt on the CEF Forum and he would consider it for inclusion in CEF if the changes were minimal and had no other affects.

Thanks for any help.

Best regards,

Czarek

[Torne (Richard Coles)]

This isn't the answer you want, but: don't use self-signed certificates. If your network is completely trusted and there's no chance of someone intercepting the connection then just don't bother using SSL at all, HTTP is easier. If your network isn't completely trusted, then self-signed certificates are a bad idea for security.

--
--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev

[Czarek Tomczak]

Just a follow up. The patch that enables caching on sites with certificate errors is quite straightforward, it will only affect caching behavior when the --ignore_certificate_errors switch is used. See below.

File: net/http/http_cache_transaction.cc
Method: HttpCache::Transaction::WriteResponseInfoToEntry
---------------------------------------------------------------
- net::IsCertStatusError(response_.ssl_info.cert_status)) {
+ (!cache_->GetSession()->params().ignore_certificate_errors &&
+ net::IsCertStatusError(response_.ssl_info.cert_status))) {