Aller au contenu principal

Certificate Transparency Fix

· 2 mins de lecture

Electron 1.4. 2 contient une mise à jour importante qui corrige un problème de Chrome amont où certains Symantec, GeoTrust, et les certificats Thawte SSL/TLS sont incorrectement rejetés 10 semaines à partir de la date de construction de libchromiumcontent, la bibliothèque Chrome sous-jacente d'Electron. There are no issues with the certificates used on the affected sites and replacing these certificates will not help.


In Electron 1.4.0 1.4.11 HTTPS requests to sites using these affected certificates will fail with network errors after a certain date. This affects HTTPS requests made using Chrome's underlying networking APIs such as window.fetch, Ajax requests, Electron's net API, BrowserWindow.loadURL, webContents.loadURL, the src attribute on a <webview> tag, and others.

Upgrading your applications to 1.4.12 will prevent these request failures from occurring.

Note: This issue was introduced in Chrome 53 so Electron versions earlier than 1.4.0 are not affected.

Impact Dates

Below is a table of each Electron 1.4 version and the date when requests to sites using these affected certificates will start to fail.

Electron VersionImpact Date
1.3.xUnaffected
1.4.0Already failing
1.4.1Already failing
1.4.2Already failing
1.4.3December 10th, 2016 9:00 PM PST
1.4.4December 10th, 2016 9:00 PM PST
1.4.5December 10th, 2016 9:00 PM PST
1.4.6January 14th, 2017 9:00 PM PST
1.4.7January 14th, 2017 9:00 PM PST
1.4.8January 14th, 2017 9:00 PM PST
1.4.9January 14th, 2017 9:00 PM PST
1.4.10January 14th, 2017 9:00 PM PST
1.4.11February 11th, 2017 9:00 PM PST
1.4.12Unaffected

You can verify your app's impact date by setting your computer's clock ahead and then check to see if https://symbeta.symantec.com/welcome/ successfully loads from it.

More Information

You can read more about this topic, the original issue, and the fix at the following places: