From 721c97eef1a5b86a691f15f3da8e7cf6d1422148 Mon Sep 17 00:00:00 2001
From: Jeremy Apthorp <jeremya@chromium.org>
Date: Fri, 31 Jan 2020 15:25:01 -0800
Subject: [PATCH 1/3] test: add test for app.on('certificate-error') event
 (#21978)

---
 spec-main/api-app-spec.ts | 12 ++++++++++++
 spec-main/index.js        |  3 ---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/spec-main/api-app-spec.ts b/spec-main/api-app-spec.ts
index be60a83ac232a..184ad09371d7f 100644
--- a/spec-main/api-app-spec.ts
+++ b/spec-main/api-app-spec.ts
@@ -317,6 +317,15 @@ describe('app module', () => {
     })
   })
 
+  describe('certificate-error event', () => {
+    afterEach(closeAllWindows)
+    it('is emitted when visiting a server with a self-signed cert', async () => {
+      const w = new BrowserWindow({ show: false })
+      w.loadURL(secureUrl)
+      await emittedOnce(app, 'certificate-error')
+    })
+  })
+
   // xdescribe('app.importCertificate', () => {
   //   let w = null
 
@@ -745,6 +754,7 @@ describe('app module', () => {
       if (process.platform === 'linux') {
         this.skip()
       }
+      session.fromPartition('empty-certificate').setCertificateVerifyProc((req, cb) => { cb(0) })
     })
 
     beforeEach(() => {
@@ -759,6 +769,8 @@ describe('app module', () => {
 
     afterEach(() => closeWindow(w).then(() => { w = null as any }))
 
+    after(() => session.fromPartition('empty-certificate').setCertificateVerifyProc(null))
+
     it('can respond with empty certificate list', async () => {
       app.once('select-client-certificate', function (event, webContents, url, list, callback) {
         console.log('select-client-certificate emitted')
diff --git a/spec-main/index.js b/spec-main/index.js
index dafa8db3fc5a4..9f2cfd9725f9d 100644
--- a/spec-main/index.js
+++ b/spec-main/index.js
@@ -20,9 +20,6 @@ v8.setFlagsFromString('--expose_gc')
 app.commandLine.appendSwitch('js-flags', '--expose_gc')
 // Prevent the spec runner quiting when the first window closes
 app.on('window-all-closed', () => null)
-// TODO: This API should _probably_ only be enabled for the specific test that needs it
-// not the entire test suite
-app.commandLine.appendSwitch('ignore-certificate-errors')
 
 // Use fake device for Media Stream to replace actual camera and microphone.
 app.commandLine.appendSwitch('use-fake-device-for-media-stream')

From bf062242908f4ad2680cbfc2b8e72ad48b20a7a8 Mon Sep 17 00:00:00 2001
From: Jeremy Apthorp <jeremya@chromium.org>
Date: Mon, 10 Feb 2020 14:13:40 -0800
Subject: [PATCH 2/3] types

---
 spec-main/api-app-spec.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spec-main/api-app-spec.ts b/spec-main/api-app-spec.ts
index 184ad09371d7f..36aa85f590ed4 100644
--- a/spec-main/api-app-spec.ts
+++ b/spec-main/api-app-spec.ts
@@ -8,7 +8,7 @@ import * as fs from 'fs'
 import * as path from 'path'
 import { homedir } from 'os'
 import split = require('split')
-import { app, BrowserWindow, Menu } from 'electron'
+import { app, BrowserWindow, Menu, session } from 'electron'
 import { emittedOnce } from './events-helpers';
 import { closeWindow, closeAllWindows } from './window-helpers';
 import { ifdescribe } from './spec-helpers';

From 54eed81cfb0b6d8980b8802b1a76e48a6fec4873 Mon Sep 17 00:00:00 2001
From: Jeremy Apthorp <jeremya@chromium.org>
Date: Fri, 31 Jan 2020 09:25:46 -0800
Subject: [PATCH 3/3] fix: don't crash on invalid certs (#21976)

---
 shell/browser/api/electron_api_app.cc | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/shell/browser/api/electron_api_app.cc b/shell/browser/api/electron_api_app.cc
index 881949b74540f..5406d14a0effe 100644
--- a/shell/browser/api/electron_api_app.cc
+++ b/shell/browser/api/electron_api_app.cc
@@ -9,6 +9,7 @@
 #include <string>
 #include <vector>
 
+#include "base/callback_helpers.h"
 #include "base/command_line.h"
 #include "base/environment.h"
 #include "base/files/file_path.h"
@@ -701,15 +702,17 @@ void App::AllowCertificateError(
     bool is_main_frame_request,
     bool strict_enforcement,
     base::OnceCallback<void(content::CertificateRequestResultType)> callback) {
+  auto adapted_callback = base::AdaptCallbackForRepeating(std::move(callback));
   v8::Locker locker(isolate());
   v8::HandleScope handle_scope(isolate());
-  bool prevent_default = Emit(
-      "certificate-error", WebContents::FromOrCreate(isolate(), web_contents),
-      request_url, net::ErrorToString(cert_error), ssl_info.cert, callback);
+  bool prevent_default =
+      Emit("certificate-error",
+           WebContents::FromOrCreate(isolate(), web_contents), request_url,
+           net::ErrorToString(cert_error), ssl_info.cert, adapted_callback);
 
   // Deny the certificate by default.
   if (!prevent_default)
-    std::move(callback).Run(content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY);
+    adapted_callback.Run(content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY);
 }
 
 base::OnceClosure App::SelectClientCertificate(