Pub on Windows uses SecurityContext.defaultContext which doesn't work with self signed certificates

[dnfield]

This may be semi-related to #1826

When trying to install Flutter on a Windows machine that has a self-signed SSL certificate, I just get an endless loop like this:

C:\Users\dnfield>flutter doctor
Updating flutter tool...
Got TLS error trying to find package mockito at https://pub.dartlang.org.
Error: Unable to 'pub upgrade' flutter tool. Retrying in five seconds...

On macOS with the same self signed cert, this works fine because Dart looks to the machine's Cert store - but on Windows and Linux it uses the Mozilla list (https://api.dartlang.org/dev/2.0.0-dev.50.0/dart-io/SecurityContext/defaultContext.html). I haven't checked a Linux environment and don't currently have easy access to one, but I imagine Linux users with self signed CAs would face a similar issue.

Could we get an option/environment variable/setting to allow or specify self signed certificates that are acceptable (basically using a custom SecurityContext)? I'm not 100% sure if the issue should be on pub or be on dart-sdk, but my main issue right now is with pub. I think the best solution would be to have the Dart SDK recognize self signed trusted certs in the machine store, but I'm not clear on a timeline for that and it seems like it might be easier to get pub to recognize this short term.

https://github.com/dart-lang/pub/blob/master/lib/src/source/hosted.dart#L133

[nex3]

The default certificate store Dart uses is up to the Dart SDK, not to pub.

[natebosch]

The linked issue has this, but I'll comment here as well

I think you should be able to work around this with DART_VM_OPTIONS=--root-certs-file=some_file pub get. Please comment at dart-lang/sdk#25615 if that doesn't work for you.

[FlareDev0]

Hi Natebosch, can you please explain how to use DART_VM_OPTIONS=--root-certs-file=some_file pub get ....Im new to Flutter....

[natebosch]

replace pub get with flutter packages get and run from the command line:

DART_VM_OPTIONS=--root-certs-file=some_file flutter packages get

[MilindDivre]

and where do we have this pub get ? Sorry but could you please explain step by step, i am naive to flutter

[zoechi]

@MilindDivre pub get is the equivalent of flutter packages get outside Flutter (or what flutter packages get executes behind the scenes).
You can ignore it exists, just use flutter packages get

[shajji1]

can anyone tell me how i can get certificate file ?

[maks1981]

Who could help me guys? i have an issue with this one, I have not any idea how to solve it, please any solution way....
https://gyazo.com/88d445d2d62d403fdf034c604b9b6cc1

[maks1981]

replace pub get with flutter packages get and run from the command line:

DART_VM_OPTIONS=--root-certs-file=some_file flutter packages get

Who could help me guys? i have an issue with this one, I have not any idea how to solve it, please any solution way....
https://gyazo.com/88d445d2d62d403fdf034c604b9b6cc1

[jmshrv]

@maks1981 I'm assuming you're literally running DART_VM_OPTIONS=--root-certs-file=some_file flutter packages get. You need to provide your organisation's certificate instead of some_file

[nehuenKC]

any solution for windows? this command dont seems to work.
DART_VM_OPTIONS=--root-certs-file=some_file flutter packages get

in the verbose mode i notice this datail in the error.

[ +189 ms] IO  : HTTP error:
[   +2 ms]     | HandshakeException: Handshake error in client (OS Error:
[        ]     |        CERTIFICATE_VERIFY_FAILED: self signed certificate in certificate
chain(../../third_party/boringssl/src/ssl/handshake.cc:354))

Cant be the SSL by pass??

[hashiqi12138]

@nehuenKC
first you need a cert from the pub site https://pub.dartlang.org/ or https://pub.flutter-io.cn, you can visite the pub site with chrome, and export the license to local ,it is supposed to be a .cer file

then you need to convert the .cert file to .pem file with command openssl x509 -inform der -in flutter.cer -out flutter.pem

i will assume that you are using windows, and after that, you need to add an user environment variables, name is DART_VM_OPTIONS , value should be the path to the converted .pem file, such as C:\Users\xxx\Desktop\ca\flutter.pem

finally, you should open a new cmd window to make sure the changes are reflected, then flutter packages get

this works for me.

[SiddharthGadekar]

@nehuenKC
first you need a cert from the pub site https://pub.dartlang.org/ or https://pub.flutter-io.cn, you can visite the pub site with chrome, and export the license to local ,it is supposed to be a .cer file

then you need to convert the .cert file to .pem file with command openssl x509 -inform der -in flutter.cer -out flutter.pem

i will assume that you are using windows, and after that, you need to add an user environment variables, name is DART_VM_OPTIONS , value should be the path to the converted .pem file, such as C:\Users\xxx\Desktop\ca\flutter.pem

finally, you should open a new cmd window to make sure the changes are reflected, then flutter packages get

this works for me.

Hi,

Thanks for the step by step guide on how to resolve the issue.
I followed the steps mentioned but I still get the following error :

HTTP error:
[ ] | HandshakeException: Handshake error in client (OS Error:
[ ] | CERTIFICATE_VERIFY_FAILED: self signed certificate in certificate
chain(../../third_party/boringssl/src/ssl/handshake.cc:354))

Any idea how this can be resolved or what might be causing it?

[hashiqi12138]

@nehuenKC
first you need a cert from the pub site https://pub.dartlang.org/ or https://pub.flutter-io.cn, you can visite the pub site with chrome, and export the license to local ,it is supposed to be a .cer file
then you need to convert the .cert file to .pem file with command openssl x509 -inform der -in flutter.cer -out flutter.pem
i will assume that you are using windows, and after that, you need to add an user environment variables, name is DART_VM_OPTIONS , value should be the path to the converted .pem file, such as C:\Users\xxx\Desktop\ca\flutter.pem
finally, you should open a new cmd window to make sure the changes are reflected, then flutter packages get
this works for me.

Hi,

Thanks for the step by step guide on how to resolve the issue.
I followed the steps mentioned but I still get the following error :

HTTP error:
[ ] | HandshakeException: Handshake error in client (OS Error:
[ ] | CERTIFICATE_VERIFY_FAILED: self signed certificate in certificate
chain(../../third_party/boringssl/src/ssl/handshake.cc:354))

Any idea how this can be resolved or what might be causing it?

when i check my reply, i found that i made a mistake.

the value of the DART_VM_OPTIONS environment variable shoule be --root-certs-file=path-to-.pem-file like --root-certs-file=D:\SoftWare\FlutterSDK\cert\flutter.pem.

you may try it again.

[SiddharthGadekar]

@nehuenKC
first you need a cert from the pub site https://pub.dartlang.org/ or https://pub.flutter-io.cn, you can visite the pub site with chrome, and export the license to local ,it is supposed to be a .cer file
then you need to convert the .cert file to .pem file with command openssl x509 -inform der -in flutter.cer -out flutter.pem
i will assume that you are using windows, and after that, you need to add an user environment variables, name is DART_VM_OPTIONS , value should be the path to the converted .pem file, such as C:\Users\xxx\Desktop\ca\flutter.pem
finally, you should open a new cmd window to make sure the changes are reflected, then flutter packages get
this works for me.

Hi,
Thanks for the step by step guide on how to resolve the issue.
I followed the steps mentioned but I still get the following error :
HTTP error:
[ ] | HandshakeException: Handshake error in client (OS Error:
[ ] | CERTIFICATE_VERIFY_FAILED: self signed certificate in certificate
chain(../../third_party/boringssl/src/ssl/handshake.cc:354))
Any idea how this can be resolved or what might be causing it?

when i check my reply, i found that i made a mistake.

the value of the DART_VM_OPTIONS environment variable shoule be --root-certs-file=path-to-.pem-file like --root-certs-file=D:\SoftWare\FlutterSDK\cert\flutter.pem.

you may try it again.

Hi,

Thanks for the reply. I had noticed the error and kept the value of the variable as you have mentioned. Unfortunately, I still get the aforementioned error. It has something to do with the company proxy/firewall I guess. Did you do any firewall rule modification?

[hashiqi12138]

i am in the company proxy, and i also encountered this self-signed certificate problem, but now i can run fluuter with the steps mentioned above.

so, maybe it's not the same problem as mine.

[SiddharthGadekar]

i am in the company proxy, and i also encountered this self-signed certificate problem, but now i can run fluuter with the steps mentioned above.

so, maybe it's not the same problem as mine.

Hi,

I followed the steps again and it worked, I was giving the certificate path incorrectly. Thanks a lot for the help.