Flutter Websocket client ssl handshake failure
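import 'dart:io';

import 'package:flutter/material.dart';

class MyHttpOverrides extends HttpOverrides {
  @override
  HttpClient createHttpClient(SecurityContext? context) {
    // Returning true accepts every certificate that failed validation,
    // which turns off TLS server authentication for all HttpClient traffic.
    return super.createHttpClient(context)
      ..badCertificateCallback =
          (X509Certificate cert, String host, int port) => true;
  }
}

void main() {
  // Install the override globally before the app starts.
  HttpOverrides.global = MyHttpOverrides();
  runApp(MyApp()); // MyApp is the application's own root widget.
}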
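A narrower alternative to the accept-all override above, as an added example that is not part of the original answer: keep certificate validation on and add only the issuing CA certificate to the trust store used for the WebSocket connection. The asset path and the function names `buildClientTrusting` and `connectAndEcho` are assumptions, and the example assumes a `web_socket_channel` version whose `IOWebSocketChannel.connect` accepts `customClient`.

```dart
import 'dart:io';

import 'package:flutter/foundation.dart' show debugPrint;
import 'package:flutter/services.dart' show rootBundle;
import 'package:web_socket_channel/io.dart';
import 'package:web_socket_channel/status.dart' as status;

/// Builds an HttpClient that trusts the platform roots plus the certificates
/// in one bundled PEM file. No badCertificateCallback is set, so a chain that
/// still fails validation aborts the handshake instead of being accepted.
Future<HttpClient> buildClientTrusting(String pemAsset) async {
  // The asset must be declared under `flutter: assets:` in pubspec.yaml.
  final pem = await rootBundle.load(pemAsset);
  final context = SecurityContext(withTrustedRoots: true)
    ..setTrustedCertificatesBytes(
      pem.buffer.asUint8List(pem.offsetInBytes, pem.lengthInBytes),
    );
  return HttpClient(context: context);
}

/// Connects to [url] (a wss:// URL), sends one message and prints the reply.
/// Call after WidgetsFlutterBinding.ensureInitialized() so that rootBundle
/// is available.
Future<void> connectAndEcho(String url) async {
  // Assumption: hypothetical asset holding the CA or intermediate
  // certificate that the server's chain needs, in PEM format.
  final client = await buildClientTrusting('assets/certs/issuing_ca.pem');

  final channel = IOWebSocketChannel.connect(url, customClient: client);

  channel.stream.listen(
    (message) {
      debugPrint('$message');
      channel.sink.close(status.goingAway);
    },
    onError: (Object error) {
      // A HandshakeException here means the chain still does not validate;
      // the connection is refused rather than silently trusted.
      debugPrint('WebSocket connection failed: $error');
    },
  );
  channel.sink.add('test');
}
```

This only widens trust for connections made through this one client; the server should still be configured to send its full certificate chain.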
Author by
SSK
Updated on December 22, 2022
Comments
-
SSK over 1 year
The server works correctly, tested with an echo client.
Although when I run my app with:
final channel = IOWebSocketChannel.connect("wss://hostname:port");
channel.sink.add('test');
channel.stream.listen((message) {
  debugPrint(message);
  channel.sink.close(status.goingAway);
});
The debug console shows exceptions with this recurring message:
E/flutter (19705): [ERROR:flutter/lib/ui/ui_dart_state.cc(166)] Unhandled Exception: WebSocketChannelException: WebSocketChannelException: HandshakeException: Handshake error in client (OS Error:
E/flutter (19705): CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate(handshake.cc:354))
I tried in many ways to make my Flutter app trust the Let's Encrypt CA with no success.
Any response towards resolving my issue will be much appreciated!
-
Steffen Ullrich almost 4 years
My guess is that the site is improperly set up, i.e. either having a bad certificate or missing intermediate certificates. And the echo client might simply ignore such problems (browsers usually work around missing intermediate certificates, others don't). If you would provide the actual hostname and port and might be able to provide more details but you might also try to check with SSLLabs - but be sure to use the same port as target.
-
Admin almost 4 years
According to SSLLabs: only my DNS CAA is incomplete, it also only uses TLS 1.2
-
Steffen Ullrich almost 4 years
DNS CAA and TLS 1.2 only do not matter regarding certificate validation.
-
Admin almost 4 years
Then idk what's wrong, it's quite frustrating, I must have an encrypted communication. The weird thing is that sometimes the client is establishing an ssl handshake with the server, but most of the time, the exception is shown.
-
Steffen Ullrich almost 4 years
To cite myself: "If you would provide the actual hostname and port and might be able to provide more details ...". Without these details it is impossible to say what's wrong. If it works sometimes but not always it would be interesting what the difference is in these scenarios. Different network?
-
Admin almost 4 years
Same network, same settings...
-