Self-signed cert for gRPC on Flutter
There doesn't seem to be an obvious solution on iOS for adding a trusted, self-signed root CA. Since production will likely have a publicly trusted CA, you can work around this by disabling TLS verification for development only.
Here's the relevant snippet of my full example repo:
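```dart
import 'dart:convert';

import 'package:flutter/services.dart' show rootBundle;
import 'package:grpc/grpc.dart';

Future<ClientChannel> makeChannel() async {
  final caCert = await rootBundle.loadString('assets/pki/ca/ca.crt');
  return ClientChannel(
    'localhost',
    port: 13100,
    options: ChannelOptions(
      credentials: ChannelCredentials.secure(
        certificates: utf8.encode(caCert),
        // --- WORKAROUND FOR SELF-SIGNED DEVELOPMENT CA ---
        // Accepts any certificate that fails verification, as long as the
        // authority is the local development server.
        onBadCertificate: (certificate, host) => host == 'localhost:13100',
      ),
    ),
  );
}
```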
In this case, my server is listening on localhost:13100.
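An added example, not part of the original answer or its repo: a tighter form of the development workaround that refuses the bypass outside debug builds and accepts only one pinned certificate instead of any certificate for that authority. The names `pemToDer`, `devPinHandler`, `makeDevChannel` and the asset path `assets/pki/dev/server.crt` are assumptions; the handler assumes it is handed the server's own certificate and rejects anything else.

```dart
import 'dart:convert';
import 'dart:io' show X509Certificate;
import 'dart:typed_data';

import 'package:flutter/foundation.dart' show kDebugMode, listEquals;
import 'package:flutter/services.dart' show rootBundle;
import 'package:grpc/grpc.dart';

/// Decodes the first certificate in a PEM string to its DER bytes.
Uint8List pemToDer(String pem) {
  final match = RegExp(
    r'-----BEGIN CERTIFICATE-----([\s\S]+?)-----END CERTIFICATE-----',
  ).firstMatch(pem);
  if (match == null) throw const FormatException('no PEM certificate found');
  return base64.decode(match.group(1)!.replaceAll(RegExp(r'\s'), ''));
}

/// Builds an onBadCertificate handler that never bypasses verification in
/// profile/release builds and, in debug builds, accepts only a certificate
/// whose DER bytes equal the pinned development certificate.
bool Function(X509Certificate, String) devPinHandler(
  Uint8List pinnedDer,
  String expectedAuthority,
) {
  return (X509Certificate presented, String host) {
    if (!kDebugMode) return false; // fail closed outside development
    if (host != expectedAuthority) return false;
    return listEquals(presented.der, pinnedDer);
  };
}

Future<ClientChannel> makeDevChannel() async {
  // Same CA asset as in the answer above; the pinned server certificate
  // path is a hypothetical asset added for this example.
  final caPem = await rootBundle.loadString('assets/pki/ca/ca.crt');
  final pinPem = await rootBundle.loadString('assets/pki/dev/server.crt');
  return ClientChannel(
    'localhost',
    port: 13100,
    options: ChannelOptions(
      credentials: ChannelCredentials.secure(
        certificates: utf8.encode(caPem),
        onBadCertificate: devPinHandler(pemToDer(pinPem), 'localhost:13100'),
      ),
    ),
  );
}
```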
Comments
-
Niki Yoshiuchi over 1 year
I have a Flutter app that communicates with a server using gRPC. The server is using a self-signed certificate for TLS. I have added the certificate to my Flutter app, and this works on Android. However, on iOS I get a CERTIFICATE_VERIFY_FAILED error. Does iOS just not allow self-signed certificates?
I am setting up my gRPC client as follows:
```dart
var cert = await rootBundle.load('assets/cert.crt');
var creds = ChannelCredentials.secure(
  certificates: cert.buffer.asUint8List().toList(),
);
var channel = ClientChannel(
  host,
  port: port,
  options: new ChannelOptions(credentials: creds),
);
return GrpcClient(channel);
```
-
Niki Yoshiuchi about 4 years
Thanks, this is essentially what I have ended up doing.
-
codeKiller almost 4 years
Hey @AndiDog, my app behaves differently depending on whether I add onBadCertificate or not... Without it, I get: CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate, and with it, I get: SSLV3_ALERT_BAD_CERTIFICATE... both for the same .perm file... Any clue what can be wrong?
-
AndiDog almost 4 years
Debug the alert in Wireshark or in the logs? Since you see a difference, I assume the desired effect actually works, but you possibly still got a server-side alert for some other reason (e.g. bad client certificate).
-
AndiDog almost 4 years
@JamesTan No. But which Flutter platform runs node? Are you cross-compiling server-side Dart code to node.js? Then maybe stackoverflow.com/questions/10888610/… helps.
-
James Tan almost 4 years
Sorry, I was using nodejs as the client side, not Flutter. I haven't tried that reference, but I got this working: stackoverflow.com/questions/62108009/…