ERR_SSL_CLIENT_AUTH_CERT_NEEDED

[xivan...@gmail.com]

Hello,

it's seems that there are SSL-related issues with rendering even if i use 'Security.setOverrideCertificateErrors' feature:

>| {"method":"Page.enable","id":1}

<| {"id":1,"result":{}}

>| {"method":"Network.enable","id":2}

<| {"id":2,"result":{}}

>| {"method":"Console.enable","id":3}

<| {"id":3,"result":{}}

>| {"method":"Security.enable","id":4}

<| {"method":"Security.securityStateChanged","params":{"securityState":"neutral","schemeIsCryptographic":false,"explanations":[],"insecureContentStatus":{"ranMixedContent":false,"displayedMixedContent":false,"containedMixedForm":false,"ranContentWithCertErrors":false,"displayedContentWithCertErrors":false,"ranInsecureContentStyle":"unknown","displayedInsecureContentStyle":"unknown"},"summary":""}}

<| {"id":4,"result":{}}

>| {"params":{"override":true},"method":"Security.setOverrideCertificateErrors","id":5}

<| {"id":5,"result":{}}

>| {"params":{"url":"https://khabarovsk.mid.ru/"},"method":"Page.navigate","id":6}

<| {"method":"Page.frameStartedLoading","params":{"frameId":"31640.1"}}

<| {"method":"Network.requestWillBeSent","params":{"requestId":"31640.1","loaderId":"31640.1","documentURL":"https://khabarovsk.mid.ru/","request":{"url":"https://khabarovsk.mid.ru/","method":"GET","headers":{"Accept-Language":"ru-RU","Upgrade-Insecure-Requests":"1","User-Agent":"Mozilla/5.0 (compatible; 2gisbot/1.0)"},"mixedContentType":"none","initialPriority":"VeryHigh","referrerPolicy":"no-referrer-when-downgrade"},"timestamp":631208.296971,"wallTime":1502702112.17628,"initiator":{"type":"other"},"type":"Document","frameId":"31640.1"}}

<| {"id":6,"result":{"frameId":"31640.1"}}

<| {"method":"Network.loadingFailed","params":{"requestId":"31640.1","timestamp":631208.402082,"type":"Document","errorText":"net::ERR_SSL_CLIENT_AUTH_CERT_NEEDED","canceled":false}}

<| {"method":"Network.requestServedFromCache","params":{"requestId":"31640.2"}}

<| {"method":"Network.loadingFinished","params":{"requestId":"31640.2","timestamp":631208.402635,"encodedDataLength":0}}

<| {"method":"Security.securityStateChanged","params":{"securityState":"neutral","schemeIsCryptographic":true,"explanations":[{"securityState":"secure","summary":"Valid certificate","description":"The connection to this site is using a valid, trusted server certificate issued by unknown name.","hasCertificate":false,"mixedContentType":"none"},{"securityState":"secure","summary":"Secure resources","description":"All resources on this page are served securely.","hasCertificate":false,"mixedContentType":"none"}],"insecureContentStatus":{"ranMixedContent":false,"displayedMixedContent":false,"containedMixedForm":false,"ranContentWithCertErrors":false,"displayedContentWithCertErrors":false,"ranInsecureContentStyle":"insecure","displayedInsecureContentStyle":"neutral"},"summary":""}}

<| {"method":"Security.securityStateChanged","params":{"securityState":"neutral","schemeIsCryptographic":true,"explanations":[{"securityState":"secure","summary":"Valid certificate","description":"The connection to this site is using a valid, trusted server certificate issued by unknown name.","hasCertificate":false,"mixedContentType":"none"},{"securityState":"secure","summary":"Secure resources","description":"All resources on this page are served securely.","hasCertificate":false,"mixedContentType":"none"}],"insecureContentStatus":{"ranMixedContent":false,"displayedMixedContent":false,"containedMixedForm":false,"ranContentWithCertErrors":false,"displayedContentWithCertErrors":false,"ranInsecureContentStyle":"insecure","displayedInsecureContentStyle":"neutral"},"summary":""}}

<| {"method":"Page.frameNavigated","params":{"frame":{"id":"31640.1","loaderId":"31640.2","url":"data:text/html,chromewebdata","securityOrigin":"://","mimeType":"text/html","unreachableUrl":"https://khabarovsk.mid.ru/"}}}

<| {"method":"Page.loadEventFired","params":{"timestamp":631208.404165}}

<| {"method":"Page.frameStoppedLoading","params":{"frameId":"31640.1"}}

<| {"method":"Page.domContentEventFired","params":{"timestamp":631208.404538}}

When i'm turning on 'Network.setRequestInterceptionEnabled' feature all became even more weird:

>| {"method":"Page.enable","id":1}

<| {"id":1,"result":{}}

>| {"method":"Network.enable","id":2}

<| {"id":2,"result":{}}

>| {"method":"Console.enable","id":3}

<| {"id":3,"result":{}}

>| {"method":"Security.enable","id":4}

<| {"method":"Security.securityStateChanged","params":{"securityState":"neutral","schemeIsCryptographic":false,"explanations":[],"insecureContentStatus":{"ranMixedContent":false,"displayedMixedContent":false,"containedMixedForm":false,"ranContentWithCertErrors":false,"displayedContentWithCertErrors":false,"ranInsecureContentStyle":"unknown","displayedInsecureContentStyle":"unknown"},"summary":""}}

<| {"id":4,"result":{}}

>| {"params":{"enabled":true},"method":"Network.setRequestInterceptionEnabled","id":5}

<| {"id":5,"result":{}}

>| {"params":{"override":true},"method":"Security.setOverrideCertificateErrors","id":6}

<| {"id":6,"result":{}}

>| {"params":{"url":"https://khabarovsk.mid.ru/"},"method":"Page.navigate","id":7}

<| {"method":"Network.requestIntercepted","params":{"interceptionId":"id-1","request":{"url":"https://khabarovsk.mid.ru/","method":"GET","headers":{"Accept-Language":"ru-RU","Upgrade-Insecure-Requests":"1","User-Agent":"Mozilla/5.0 (compatible; 2gisbot/1.0)","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"},"initialPriority":"VeryHigh","referrerPolicy":"no-referrer-when-downgrade"},"resourceType":"Document"}}

<| {"method":"Page.frameStartedLoading","params":{"frameId":"6476.1"}}

<| {"method":"Network.requestWillBeSent","params":{"requestId":"6476.1","loaderId":"6476.1","documentURL":"https://khabarovsk.mid.ru/","request":{"url":"https://khabarovsk.mid.ru/","method":"GET","headers":{"Accept-Language":"ru-RU","Upgrade-Insecure-Requests":"1","User-Agent":"Mozilla/5.0 (compatible; 2gisbot/1.0)"},"mixedContentType":"none","initialPriority":"VeryHigh","referrerPolicy":"no-referrer-when-downgrade"},"timestamp":631538.504865,"wallTime":1502702442.38417,"initiator":{"type":"other"},"type":"Document","frameId":"6476.1"}}

<| {"id":7,"result":{"frameId":"6476.1"}}

>| {"params":{"interceptionId":"id-1"},"method":"Network.continueInterceptedRequest","id":8}

<| {"id":8,"result":{}}

<| {"method":"Network.loadingFailed","params":{"requestId":"6476.1","timestamp":631538.617714,"type":"Document","errorText":"net::ERR_ABORTED","canceled":true}}

<| {"method":"Page.frameStoppedLoading","params":{"frameId":"6476.1"}}

The same page opens in non-headless Chromium on same PC without any issues.

Any thoughts?

~/chrome-linux/chrome --headless --disable-gpu --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --mute-audio --shm-size=1024m --no-sandbox --no-zygote --remote-debugging-port=9222 --window-size=1024,768

(issues are also reproducible without bold flags)

➜  chrome-linux ./chrome --version

Chromium 62.0.3173.0 

➜  chrome-linux lsb_release -a

No LSB modules are available.

Distributor ID: Ubuntu

Description: Ubuntu 16.04.2 LTS

Release: 16.04

Codename: xenial

[dvallet (Chromium)]

Just in case: dId you define the Security.handleCertificateError to handle the errors? Otherwise they will just be passed into chrome. 

Also, not that afaik these flags: --disable-web-security --allow-running-insecure-content --ignore-certificate-errors  don't work in headless

--
You received this message because you are subscribed to the Google Groups "headless-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to headless-dev...@chromium.org.
To post to this group, send email to headle...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/headless-dev/41b52746-53ca-42e4-91bb-abcce1aee086%40chromium.org.

[xivan...@gmail.com]

Yes, i have a handler for 'Security.certificateError' event which unconditionally calls 'Security.handleCertificateError'.

Unfortunately there is no 'Security.certificateError' events from the socket it this case.

[Eric Seckler]

Hm, SSL_CLIENT_AUTH_CERT_NEEDED means that the server asked for a client certificate. It's likely that we're not supporting client certificate handling via devtools / in headless yet. Feel free to file a bug!

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/headless-dev/405779cf-cf68-410c-aced-8f453285236d%40chromium.org.

[xivan...@gmail.com]

Filed a issue - Issue 758452

[Alex Clarke]

Strange the interception code is supposed to fall back to the default behavior for SSL Cert requests, see this.

To unsubscribe from this group and stop receiving emails from it, send an email to headless-dev+unsubscribe@chromium.org.

To post to this group, send email to headle...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/headless-dev/405779cf-cf68-410c-aced-8f453285236d%40chromium.org.

--

You received this message because you are subscribed to the Google Groups "headless-dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to headless-dev+unsubscribe@chromium.org.

To post to this group, send email to headle...@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/headless-dev/CAHZJZiG2-jm_PV8R4A%3DOkdOLZKbrmPPNvSrMfQSr4R6bBRXJ_Q%40mail.gmail.com.