Tested on Mac OS 10.12.2 using chrome M56 #56.0.2924.87 and M54 #54.0.2820.0 and observed as attached in screenshot and screencast.

@grischard-- Could you please check the attached screencast and confirm us if this is the expected behavior ,please help us by providing the expected behavior of chrome and steps.

Thanks!

Deleted: 694345_stable behavior.png 202 KB

	694345_stable behavior.png 202 KB View Download

Deleted: 694345.mp4 660 KB

	694345.mp4 660 KB View Download

Hello @hdodda,

Thanks for your reply. I can choose 'proceed' in 56 too, but have to do this again manually every time I start Chrome, which gets tedious.

So the way to reproduce is:

- Hit Proceed like you did in the screencast
- Quit and relaunch Chrome
- Reopen selfsigned.stereo.lu

Expected behaviour:

Chrome remembers that I want to proceed to selfsigned.stereo.lu

Actual behaviour:

Chrome asks me again

cc'ing estark, who may own the "Cert Error Memory" stuff.

OP: I can't proceed through the warning for https://selfsigned.stereo.lu in Chrome 56 because it is using HSTS, which disables cert error clickthroughs for the site.

Is that what you're seeing? It's not clear to me if the issue is that 1.) you can't click through the error in Chrome, 2.) there is still an error in Chrome after clicking through the error in Safari, or 3.) after clicking through the error in Chrome, you have to click through again after restarting Chrome.

I've verified on https://self-signed.badssl.com that clicking through the error is remembered across restarts as intended -- do you see that as well?

Thank you @estark, I hadn't thought of HSTS. It's weird, I'm able to click through, and so was @hdodda in their screencast. But Indeed, Chrome remembers my choice on badssl.com.

However it doesn't in my actual use case, on https://127.0.0.1, where HSTS doesn't apply.

This site is in the HSTS preload list. The video in comment 2 is from Chrome 54 -- perhaps that was before the site was included in the preload list?

I'm not sure why you would be able to click through the error in Chrome 56... could you please take a screenshot of the error page after clicking "Advanced"?

I'm not able to reproduce your issue on https://127.0.0.1. I'm running a server with a self-signed cert on https://127.0.0.1:4443, visiting that site in Chrome, clicking through the error, and restarting, and I don't see another error. Are you doing anything differently?

How bizarre. I am indeed seeing the HSTS warning and can't click through. However, https://chromium.googlesource.com/chromium/src/+/0abc2f2f751e5e841f5eabaaabe104036571e6dc/net/http/transport_security_state_static.json#2648 shows that stereo.lu was included in the hsts preload list of Chrome 54.0.2820.0 which was used in the video.

In any case, yes, I am doing the same thing on 127.0.0.1! Maybe it's something with my particular certificate setup. This is a much narrower issue than I thought: I'll update the ticket with exact steps to reproduce tomorrow.

Older builds (10 or 12 weeks, can't remember) stop consulting the preload list in order to not get stuck with stale data. So the tester is probably using an old M54 build that no longer uses preload data.

Well. I've installed Chrome and my software in a new VM and tried to reproduce it, but can't. Until I find out what's very particular in my current setup to reproduce this, I'm happy to have this closed as can't reproduce. Sorry, and thank you for your time.

Ok, please do let us know if you see this again. Thanks!