1. 技术文章
  2. GeckoFX 22 by pass self sign cert

GeckoFX 22 by pass self sign cert

让人想犯罪 __ 提交于 2020-12-16 06:10:30

问题


i am implementing a GeckoFX Browser using c#. i need to navigate to a secure self sign cert. but GeckoFX throw me this error.

The certificate is not trusted because the issuer certificate is not trusted. The certificate is only valid for FG200B3913601572 (Error code: sec_error_untrusted_issuer)

How do i bypass the Check?


回答1:


You could try this code, but it requires the latest version of Geckofx (build from source):

browser.NSSError += (s,e) => {
    CertOverrideService.RememberRecentBadCert(e.Uri);
    Uri refUrl = browser.Url;
    browser.Navigate(e.Uri.AbsoluteUri, refUrl != null ? refUrl.AbsoluteUri : null);
    e.Handled = true;
};



回答2:


In GeckoFx 60 RememberRecentBadCert is now depraced so you have to use RememberValidityOverride

browser.NSSError += (s, e) =>
{
    if (e.Message.Contains("Certificate"))//Peer's Certificate issuer is not recognized.
    {
        CertOverrideService.GetService().RememberValidityOverride(e.Uri, e.Certificate, CertOverride.Mismatch | CertOverride.Time | CertOverride.Untrusted, false);
        if (!e.Uri.AbsoluteUri.Contains(".js") && !e.Uri.AbsoluteUri.Contains(".css")) browser.Navigate(e.Uri.AbsoluteUri);
        e.Handled = true;//otherwise shows error
    }
};

Reference: https://bitbucket.org/geckofx/geckofx-60.0/src/default/Geckofx-Core/Services/CertOverrideService.cs

With handling cert errors my browser started to work almost normally but still those cert errors were causing unexpected errors. Thats why I added cert I wanted to use to Windows root certificates. But it still didnt work. Finally I have found out that GeckoFX by default doesnt import stored Windows certificates and it has to be enabled by these preferences:

GeckoPreferences.User["security.enterprise_roots.enabled"] = true;
GeckoPreferences.User["security.enterprise_roots.auto-enabled"] = true;

This 2 prefs did the job and finally I didnt get ANY "Untrusted certificate" errors. Heuréka !




回答3:


geckoWebBrowser1.NSSError += geckoWebBrowser1_NSSError;

void geckoWebBrowser1_NSSError(object sender, Gecko.Events.GeckoNSSErrorEventArgs e)
            {
                if (e.Message.Contains("Certificate"))
                {
                    Gecko.CertOverrideService.GetService().RememberRecentBadCert(e.Uri, e.SSLStatus);
                    geckoWebBrowser1.Navigate(e.Uri.AbsoluteUri);
                    e.Handled = true;
                }

            }

Try it in gecko 33




回答4:


The code above does not work on version 29.0.2. There is a bug which caused the CertOverrideService.RememberRecentBadCert call to error out.

After upgrading to 29.0.11 it worked perfectly.

Here is the VB.NET code.

Sub IgnoreSSLError(ByVal sender As Object, ByVal e As Gecko.Events.GeckoNSSErrorEventArgs) Handles WebBrowserRehab.NSSError
        CertOverrideService.RememberRecentBadCert(e.Uri)
        WebBrowserRehab.Navigate(e.Uri.AbsoluteUri)
        e.Handled = True
End Sub


来源:https://stackoverflow.com/questions/19238425/geckofx-22-by-pass-self-sign-cert

标签
geckofx
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!