-
Notifications
You must be signed in to change notification settings - Fork 15k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: Rapid requests to same domain cause session.setCertificateVerifyProc to break requests (maybe session related?) #28313
Comments
Tested on Ubuntu 20.10 w / Electron 11.3.0. @CaseyLeeMurphy's testcase gist https://gist.github.com/9235bb45412c6f55fba6b5703f467b87 behaved exactly as described on first run + on reload-without-exit. Possibly something is being cached between runs, because I was unable to reproduce the issue after the first run, whether testing with 11.3.0 or other versions of Electron. |
Looks like this is a crash in the network process:
|
This electron/patches/chromium/network_service_allow_remote_certificate_verification_logic.patch Line 52 in 665ac6f
|
Here's a stack trace from a debug build which indicates something different, looks like maybe a threading issue?
|
Preflight Checklist
Electron Version
11.3.0
What operating system are you using?
macOS
Operating System Version
macOS 11.2.2
What arch are you using?
x64
Last Known Working Electron version
Maybe never?
Expected Behavior
When rapid requests are made to the same domain, they are routed to the setCertificateVerifyProc's registered proc callback function. That callback function should then be able to call the resolution callback with the appropriate verificationResult (0, -2, -3) without causing an http request failures or session dumping
Actual Behavior
When rapid requests are made to the same domain, they are routed to the setCertificateVerifyProc's registered proc callback function. When calling the resolution callback function on a domain that has already been resolved using the callback function with 0 or -2, something in electron breaks. Not sure if it is session related, or something running the http requests
For example, 2 requests to foo.bar.com are made one right after another. Both requests then are sent to the setCertificateVerifyProc's registered callback function because the cert for that domain hasn't been verified yet. The first request is processed, and the callback is called with a 2 or 0. The second request then gets processed by the same callback function, and again the resolution callback is called with 2 or 0. When the second callback is executed, something with the session or something related to the way http requests gets broken, and causes https requests to fail
Testcase Gist URL
https://gist.github.com/9235bb45412c6f55fba6b5703f467b87
The text was updated successfully, but these errors were encountered: