New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 697721 link

Starred by 11 users
Status: Duplicate
Merged: issue 659662
Owner: ----
Closed: Mar 2017
Cc:
eseckler@chromium.org
hdodda@chromium.org
skyos...@chromium.org
altimin@chromium.org
alexclarke@chromium.org
sureshkumari@chromium.org
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Feature



Sign in to add a comment

Headless Chrome: No support for --ignore-certificate-errors

Reported by fastest...@gmail.com, Mar 2 2017 
Chrome Version       : 58.0.3018.3

What steps will reproduce the problem?
(1) Start headless Chrome with: chrome --headless --remote-debugging-port=9222 --proxy-server=127.0.0.1:80 --enable-logging --v=1 --ignore-certificate-errors
(2) Try to load https resource, such as https://gobin.io/wmzJ

What is the expected result?
I expected that it would work like non-headless and ignore certificate errors.

What happens instead?
Trying to load an HTTPS asset behind the MITM proxy results in an error and
[0302/032644.908385:ERROR:cert_verify_proc_nss.cc(918)] CERT_PKIXVerifyCert for gobin.io failed err=-8179

Preferably we would have  crbug.com/694547  but until then, being able to use a mitm proxy is crucial.

Comment 1 by sureshkumari@chromium.org, Mar 2 2017

Cc: sureshkumari@chromium.org
Labels: Needs-Feedback
Tested the issue on Windows-7 with chrome version #58.0.3018.3.
From the commandPrompt launched chrome with following argument

"chrome --headless --remote-debugging-port=9222 --proxy-server=127.0.0.1:80 --enable-logging --v=1 --ignore-certificate-errors"
Chrome launched successfully and navigated to the url  "https://gobin.io/wmzJ"
Not observed the following error in commandprompt  "CERT_PKIXVerifyCert for gobin.io failed err=-8179"

Could you please let us on Which OS you faced this issue, so that we can try to reproduce the scenario from TE-end.

Thanks.

Comment 2 by fastest...@gmail.com, Mar 2 2017 

I would assume it's platform agnostic but I was specifically using CentOS 7. Additionally you need to make sure you have an HTTP proxy that responds with self signed certs running on port 80 on the same machine.
Project Member

Comment 3 by sheriffbot@chromium.org, Mar 2 2017

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "sureshkumari@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 4 by jkarlin@chromium.org, Mar 2 2017

Cc: alexclarke@chromium.org eseckler@chromium.org altimin@chromium.org skyos...@chromium.org
Net triager here. CC'ing some headless owners. Not sure what the right component for this would be.

Comment 5 by altimin@chromium.org, Mar 2 2017

Labels: Pri-2 Type-Feature
Status: Available (was: Unconfirmed)
Note that we're going to have certificate error handling via devtools:  crbug.com/659662 

But I agree, --ignore-certificate-errors should be supported too.

Comment 6 by altimin@chromium.org, Mar 2 2017 

I should mention that it's a headless issue: we need to plumb the required bit to net::URLRequestContextBuilder in HeadlessURLRequestContextGetter::GetURLRequestContext.

Comment 7 by eseckler@chromium.org, Mar 2 2017

Mergedinto: 659662
Status: Duplicate (was: Available)
I think that we don't want to support --ignore-certificat-errors since security folks are looking to remove it, see

https://bugs.chromium.org/p/chromium/issues/detail?id=696350#c5

Certificate error handling via DevTools will be the way to go.

Comment 8 by eseckler@chromium.org, Jul 19 2017

Cc: hdodda@chromium.org
 Issue 678648  has been merged into this issue.

Comment 9 by eseckler@chromium.org, Jul 19 2017 

 Issue 746213  has been merged into this issue.

Sign in to add a comment