Flutter Websocket client ssl handshake failure

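    import 'dart:io';

    import 'package:flutter/material.dart';

    // Overrides the global HttpClient factory so that every certificate is
    // accepted: returning true from badCertificateCallback turns off TLS
    // certificate verification for every HttpClient the app creates.
    class MyHttpOverrides extends HttpOverrides {
      @override
      HttpClient createHttpClient(SecurityContext? context) {
        return super.createHttpClient(context)
          ..badCertificateCallback =
              (X509Certificate cert, String host, int port) => true;
      }
    }

    void main() {
      HttpOverrides.global = MyHttpOverrides();
      runApp(MyApp());
    }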
Author by

SSK

Having 7+ years of experience in Java and related technology, in the BFSI domain. Currently working as Microservices-Architecture for a reputed organization.

Updated on December 22, 2022

Comments

  • SSK
    SSK over 1 year

    The server works correctly, tested with an echo client.

    Although when I run my app with:

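        import 'package:web_socket_channel/io.dart';
        import 'package:web_socket_channel/status.dart' as status;

        final channel = IOWebSocketChannel.connect("wss://hostname:port");
        channel.sink.add('test');
        channel.stream.listen((message) {
          debugPrint(message);
          channel.sink.close(status.goingAway);
        });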
    

    The debug console shows exceptions with this recurring message:

    E/flutter (19705): [ERROR:flutter/lib/ui/ui_dart_state.cc(166)] Unhandled Exception: WebSocketChannelException: WebSocketChannelException: HandshakeException: Handshake error in client (OS Error: 
    E/flutter (19705):  CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate(handshake.cc:354))
    

    I tried in many ways to make my Flutter app trust the Let's Encrypt CA, with no success.

    Any response towards resolving my issue will be much appreciated!

    • Steffen Ullrich
      Steffen Ullrich almost 4 years
      My guess is that the site is improperly set up, i.e. either having a bad certificate or missing intermediate certificates. And the echo client might simply ignore such problems (browsers usually work around missing intermediate certificates, others don't). If you would provide the actual hostname and port one might be able to provide more details, but you might also try to check with SSLLabs - but be sure to use the same port as target.
    • Admin
      Admin almost 4 years
      According to SSLLabs: only my DNS CAA is incomplete, it also only uses TLS 1.2
    • Steffen Ullrich
      Steffen Ullrich almost 4 years
      DNS CAA and TLS 1.2 only do not matter regarding certificate validation.
    • Admin
      Admin almost 4 years
      Then idk what's wrong, it's quite frustrating, I must have an encrypted communication. The weird thing is that sometimes the client is establishing an SSL handshake with the server, but most of the time, the exception is shown.
    • Steffen Ullrich
      Steffen Ullrich almost 4 years
      To cite myself: "If you would provide the actual hostname and port one might be able to provide more details ...". Without these details it is impossible to say what's wrong. If it works sometimes but not always it would be interesting what the difference is in these scenarios. Different network?
    • Admin
      Admin almost 4 years
      Same network, same settings...
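
An added example, not part of the original answer or comments: rather than returning true for every certificate, this keeps verification on, trusts the platform roots plus a CA certificate file supplied by the caller, and logs the subject and issuer of any certificate that still fails so a missing intermediate can be identified. The names `buildVerifyingClient` and `connectVerified` and the two command-line arguments are assumptions of this example.

```dart
import 'dart:io';

import 'package:web_socket_channel/io.dart';

/// Returns an HttpClient that trusts the platform root store plus the CA
/// certificates in [caPemBytes] (PEM). Verification stays enabled.
HttpClient buildVerifyingClient(List<int> caPemBytes) {
  final context = SecurityContext(withTrustedRoots: true)
    ..setTrustedCertificatesBytes(caPemBytes);
  return HttpClient(context: context)
    // Called only when verification fails. Log which certificate was
    // rejected, then keep rejecting it by returning false.
    ..badCertificateCallback = (X509Certificate cert, String host, int port) {
      stderr.writeln('TLS verification failed for $host:$port');
      stderr.writeln('  subject: ${cert.subject}');
      stderr.writeln('  issuer:  ${cert.issuer}');
      stderr.writeln('  valid:   ${cert.startValidity} .. ${cert.endValidity}');
      return false;
    };
}

/// Opens the WebSocket through the verifying client and wraps it in the
/// channel type used in the question.
Future<IOWebSocketChannel> connectVerified(
    Uri url, List<int> caPemBytes) async {
  final socket = await WebSocket.connect(
    url.toString(),
    customClient: buildVerifyingClient(caPemBytes),
  );
  return IOWebSocketChannel(socket);
}

Future<void> main(List<String> args) async {
  // Assumed arguments: args[0] is the wss:// URL, args[1] is the path to a
  // PEM file holding the CA certificate(s) that issued the server's leaf.
  final caPem = await File(args[1]).readAsBytes();
  final channel = await connectVerified(Uri.parse(args[0]), caPem);
  channel.sink.add('test');
  channel.stream.listen((message) {
    print(message);
    channel.sink.close();
  });
}
```

If the logged issuer is an intermediate CA rather than a root, the server is not sending its full chain; fixing the server's chain file removes the need for any client-side override.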