Enable self-signed certificates or third-party CA's in IOWebSocketChannel #134

Closed
DrStefanFriedrich opened this issue Nov 15, 2020 · 6 comments

Comments

@DrStefanFriedrich

Class IOWebSocketChannel has only a very simple constructor.

By browsing a little bit through the code I saw internally the HttpClient class is used.

Are there any plans to expose the SecurityContext by an optional constructor parameter or another convenience constructor in IOWebSocketChannel, thus making self-signed certificates available? I think the solution would be to pass such a SecurityContext down to the HttpClient.

Please take a look at the following link:

https://dart-lang.github.io/server/tls-ssl.html#trusting-additional-cas

@au-top

au-top commented Feb 2, 2021

I agree with that. It's important.

@magnatronus

Not sure if this helps, but I have found a workaround (obviously use with extreme care).

In your app's main.dart, add the following:

```dart
import 'dart:io';

import 'package:flutter/material.dart';

class MyHttpOverrides extends HttpOverrides {
  @override
  HttpClient createHttpClient(SecurityContext? context) {
    // Accepts every certificate that fails validation, for every host and
    // port, in every HttpClient the app creates (including wss:// upgrades).
    return super.createHttpClient(context)
      ..badCertificateCallback =
          (X509Certificate cert, String host, int port) => true;
  }
}

void main() {
  // Installs the override process-wide; comment this line out to disable it.
  HttpOverrides.global = MyHttpOverrides();
  runApp(MyApp()); // MyApp is the application's root widget.
}
```

The HttpOverrides.global allows the connection of a self-signed wss connection, or at least it does for me running in a simulator on iOS connecting to a proxied NGINX server running on a RPi.

To turn off the override, just comment out the HttpOverrides.global line.
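As an added example (not part of the thread and not the package's own code), here is one way to get what the original question asks for, a `SecurityContext` passed down to the `HttpClient`, so that only a specific self-signed certificate or private CA is trusted and all other validation stays on. The helper names `clientTrusting` and `connectTrusted`, the URL and the PEM placeholder are assumptions; it relies on the `customClient` parameter of `dart:io`'s `WebSocket.connect` and on `IOWebSocketChannel` accepting an existing `WebSocket`.

```dart
import 'dart:convert';
import 'dart:io';

import 'package:web_socket_channel/io.dart';

// Placeholder: replace with the PEM of your private CA or self-signed
// server certificate (for example, loaded from a bundled asset).
const String trustedPem = '''
-----BEGIN CERTIFICATE-----
<PLACEHOLDER: base64 certificate body>
-----END CERTIFICATE-----
''';

/// Hypothetical helper: an HttpClient that trusts only the certificates in
/// [pem], plus the platform roots when [withSystemRoots] is true.
HttpClient clientTrusting(String pem, {bool withSystemRoots = false}) {
  final context = SecurityContext(withTrustedRoots: withSystemRoots)
    ..setTrustedCertificatesBytes(utf8.encode(pem));
  // badCertificateCallback is deliberately left unset: expired certificates,
  // host name mismatches and unknown issuers still abort the handshake.
  return HttpClient(context: context);
}

/// Hypothetical helper: opens a wss:// connection through [client] and wraps
/// the resulting dart:io WebSocket in an IOWebSocketChannel.
Future<IOWebSocketChannel> connectTrusted(Uri url, HttpClient client) async {
  try {
    final socket =
        await WebSocket.connect(url.toString(), customClient: client);
    return IOWebSocketChannel(socket);
  } on HandshakeException catch (e) {
    // Raised when the server certificate does not chain to the trusted PEM.
    stderr.writeln('TLS verification failed for $url: $e');
    rethrow;
  }
}

Future<void> main() async {
  // Constructed URL; point it at your own server.
  final client = clientTrusting(trustedPem);
  final channel =
      await connectTrusted(Uri.parse('wss://example.test/ws'), client);
  channel.stream.listen(print);
  channel.sink.add('hello');
}
```

Unlike the global override, this scopes the extra trust to one client and one certificate, so a connection to any other host, or to the same host presenting a different certificate, still fails the handshake.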

@au-top

au-top commented Feb 26, 2021

Thanks, I generally understand the risks it brings, but it solves my problems.
I think we should try to use native code to add a specific certificate in the Android project to avoid this kind of error reporting, although I didn't try.

@DrStefanFriedrich
Author

@magnatronus, thanks a lot for your comment. I have never heard about HttpOverrides before. This is indeed a global hook to provide your own implementation of an HttpClient.

@monkingame

```dart
void main() {
  HttpOverrides.global = MyHttpOverrides();
  runApp(MyApp());
}
```

It works for me!
Thanks!

@tmtong

tmtong commented Oct 24, 2021

What about for Flutter web?
