fix: deny instead of canceling when certificate-error passes false (#29826)

shell/browser/api/electron_api_app.cc

@@ -412,7 +412,7 @@ struct Converter<content::CertificateRequestResultType> {
     if (!ConvertFromV8(isolate, val, &b))
       return false;
     *out = b ? content::CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE
-             : content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL;
+             : content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY;
     return true;
   }
 };

spec-main/api-app-spec.ts

@@ -319,6 +319,24 @@ describe('app module', () => {
       w.loadURL(secureUrl);
       await emittedOnce(app, 'certificate-error');
     });
+
+    describe('when denied', () => {
+      before(() => {
+        app.on('certificate-error', (event, webContents, url, error, certificate, callback) => {
+          callback(false);
+        });
+      });
+
+      after(() => {
+        app.removeAllListeners('certificate-error');
+      });
+
+      it('causes did-fail-load', async () => {
+        const w = new BrowserWindow({ show: false });
+        w.loadURL(secureUrl);
+        await emittedOnce(w.webContents, 'did-fail-load');
+      });
+    });
   });
 
   // xdescribe('app.importCertificate', () => {