Unacceptable TLS certificate

[justlearn2140]

What OS are you using (uname -a, or Windows version)?

Linux user-super-server 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

What programming language are you using (C/C++/Go/Rust)?

go version go1.18.1 linux/amd64

What did you expect to see and what you saw instead?

Dear all
I want use w.Navigate("The URL without private"), but cannot proceeed to the URL.
The webview message is "Unacceptable TLS certificate".
Could you help provide some modted bypass this check for TLS?
or
Could you please provide another method for directly processing the URL with unsafe?

Thanks.

Below is the web message(by Chrome) with URL https://xx.xxx.xxx.xxx
It reminded me that this isn't a private network, but I'm still able to access the URL with unsafe.

Your connection is not private
Attackers might be trying to steal your information from xx.xxx.xxx.xxx (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
To get Chrome’s highest level of security, turn on enhanced protection

This server could not prove that it is xx.xxx.xxx.xxx; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.

Proceed to xx.xxx.xxx.xxx (unsafe)

[SteffenL]

There are good reasons for not ignoring security issues which I will not get into here, so you could you please help us understand your use case better?

[justlearn2140]

That's a machine I set up myself, so I'm sure it's safe in terms of security.
But chrome still has a risk prompt and webview cannot be accessed.
Could you help provide tip or advice to access?

Thanks

[SteffenL]

The first idea that comes to mind is to fix the issue on the server side and/or have the appropriate CA certificates installed and trusted locally. Is that an option for you?

If not then then I suppose one would need to go through the documentation of the underlying browser engine and find a way to ignore trust issues.

[e3ndr]

If you have a domain which you can tie to it, Let’s Encrypt can issue you a free certificate which you’ll renew every 3 months.

[SteffenL]

If you really want to ignore security issues at all cost then the following example shows how to do it with C/C++ for Linux/WebKitGTK.

#include "webview.h"

int main() {
#ifdef WEBVIEW_GTK
  auto web_context = webkit_web_context_get_default();
  auto data_manager = webkit_web_context_get_website_data_manager(web_context);
  webkit_website_data_manager_set_tls_errors_policy(
      data_manager, WEBKIT_TLS_ERRORS_POLICY_IGNORE);
#endif

  webview::webview w(false, nullptr);
  w.set_title("Example");
  w.set_size(480, 320, WEBVIEW_HINT_NONE);
  w.navigate("https://untrusted-root.badssl.com/");
  w.run();
  return 0;
}

[justlearn2140]

Thank you very much for your advice.
I'll try it and see if I could make it work on GO.
Since this is not a public URL, the certificate will not be considered first.

[SteffenL]

You can also modify the library by inserting the code into the constructor of the gtk_webkit_engine class.

[SteffenL]

I am not much into Go but this is what I came up with.

package main

/*
#cgo linux pkg-config: webkit2gtk-4.0
#include <webkit2/webkit2.h>
*/
import "C"
import "github.com/webview/webview"

func main() {
	web_context := C.webkit_web_context_get_default()
	data_manager := C.webkit_web_context_get_website_data_manager(web_context)
	C.webkit_website_data_manager_set_tls_errors_policy(data_manager, C.WEBKIT_TLS_ERRORS_POLICY_IGNORE)

	w := webview.New(false)
	defer w.Destroy()
	w.SetTitle("Example")
	w.SetSize(480, 320, webview.HintNone)
	w.Navigate("https://untrusted-root.badssl.com/")
	w.Run()
}