'CERTIFICATE_VERIFY_FAILED' exception is thrown, when connection to server with self

<div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clip

it doesn't seem like onHttpClientCreate() is ever reached: <div class="highlight h

Actual on March 2024: <code class="notranslate

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Consider adding support for badCertificateCallback. <div class="snippet-clipboard-

Are you sure? I have run the code as follows: <div class="highlight highlight-sour

https over self-signed certificate about dio HOT 19 CLOSED

pepie commented on July 30, 2024 3

https over self-signed certificate

from dio.

Comments (19)

anisalibegic commented on July 30, 2024 60

(dio.httpClientAdapter as DefaultHttpClientAdapter).onHttpClientCreate = (HttpClient client) {
    client.badCertificateCallback = (X509Certificate cert, String host, int port) => true;
    return client;
};

from dio.

pepie commented on July 30, 2024 5

it doesn't seem like onHttpClientCreate() is ever reached:

    Dio dio = new Dio();
    dio.onHttpClientCreate = (HttpClient client) {
      print('onHttpClientCreate entered...');  // this code is never reached
      client.badCertificateCallback = (X509Certificate cert, String host, int port) => true;
      return client;
    };

   Response<String> response=await dio.get(url);  //CERTIFICATE_VERIFY_FAILED:ok

from dio.

bambinoua commented on July 30, 2024 5

How to disable SSL certificate check using Dio in WEB ENVIRONMENT?

from dio.

pepie commented on July 30, 2024 4

Closing this issue since a solution was found.
class MyHttpOverrides extends HttpOverrides{
@OverRide
HttpClient createHttpClient(SecurityContext context){
HttpClient client= super.createHttpClient(context); //<<--- notice 'super'
client.badCertificateCallback = (X509Certificate cert, String host, int port)=> true;
return client;
}
}

void main(){
HttpOverrides.global = new MyHttpOverrides();
runApp(new App());
}

from dio.

lukas-pierce commented on July 30, 2024 3

Actual on March 2024:

~~onHttpClientCreate~~ callback is deprecated. Now you should use createHttpClient and return your own HttpClient instance:

import 'dart:io';
import 'package:dio/dio.dart';
import 'package:dio/io.dart';

Dio createDio({required String baseUrl, bool trustSelfSigned = false}) {
  // initialize dio
  final dio = Dio()
    ..options.baseUrl = baseUrl;

  // allow self-signed certificate
  (dio.httpClientAdapter as IOHttpClientAdapter).createHttpClient = () {
    final client = HttpClient();
    client.badCertificateCallback = (cert, host, port) => trustSelfSigned;
    return client;
  };
  
  return dio;
}

from dio.

wendux commented on July 30, 2024 1

@pepie Ok, May you overwrite OnHttpClientCreate callback somewhere ?

from dio.

wendux commented on July 30, 2024

You should create a SecurityContext object to trust your certificate in onHttpClientCreate callback, for examples:

  dio.onHttpClientCreate = (HttpClient client) {
    // create a `SecurityContext` instance to trust you certificate
    return HttpClient(securityContext)
  };

More about SecurityContext please refer to dart doc -SecurityContext

from dio.

pepie commented on July 30, 2024

Consider adding support for badCertificateCallback.

 HttpClient httpClient = new HttpClient()
      ..badCertificateCallback =
      ((X509Certificate cert, String host, int port) => trustSelfSigned);

perhaps as an option to the constructor:

new Dio({acceptSelfSignedCert: false})

from dio.

wendux commented on July 30, 2024

Are you sure? I have run the code as follows:

    dio.onHttpClientCreate = (HttpClient client) {
      print("dio xxxx");
      client.badCertificateCallback =
          (X509Certificate cert, String host, int port) {
        return true;
      };
    };

Console log

I/flutter (18963): dio xxxx

Which version of dio do you use? 0.1.3?

from dio.

pepie commented on July 30, 2024

Yes, It never ran on my box.
It's a little weird.

I've submitted a pull request to support self-signed certs.
#33

Please consider. This works.
Another option would be to allow one to pass the entire callback, instead of setting trustSelfSignedCerts to true.

Great plugin btw!!

from dio.

pepie commented on July 30, 2024

@wendux I created a new project and was able to confirm dio.onHttpClientCreate() ran successfully.
I'll have to figure out why it wasn't triggered in the first project, bu the problem seems to be local.

Using version 0.1.3
FYI

from dio.

pepie commented on July 30, 2024

I'm guessing that's the case.
I'll send an update if I discover anything strange.
Thanks!

from dio.

lyquocnam commented on July 30, 2024

what about this issuse ?

from dio.

cdvv7788 commented on July 30, 2024

It seems that @pepie found a solution (check #33 ). Should this issue be closed? Does this specific case need to be documented?

From gitme Android

from dio.

abgrano commented on July 30, 2024

Dio dio = new Dio();
(dio.httpClientAdapter as DefaultHttpClientAdapter).onHttpClientCreate =
(HttpClient client) {
client.badCertificateCallback =
(X509Certificate cert, String host, int port) => true;
return client;
};

from dio.

arnbut commented on July 30, 2024

DioForNative dio = DioForNative();
DefaultHttpClientAdapter httpClient = dio.httpClientAdapter;
httpClient.onHttpClientCreate = (HttpClient client) {
client.badCertificateCallback =
(X509Certificate cert, String host, int port) {
return true;
};
};
and then you can make dio.post and dio.get requests.

from dio.

LukeDaniel16 commented on July 30, 2024

(dio.httpClientAdapter as DefaultHttpClientAdapter).onHttpClientCreate = (HttpClient client) {
    client.badCertificateCallback = (X509Certificate cert, String host, int port) => true;
    return client;
};

This is not SAFE for production versions!

We need other reply to resolve it, anyone?

from dio.

samatzp commented on July 30, 2024

@bambinoua Have you found a solution for flutter web?

from dio.

jparsoft commented on July 30, 2024

In my case I needed to use an self signed certificate and the solution was this:

Future<Response> secureRequest(
    String path, {
    method = 'GET',
    Map<String, dynamic>? queryParameters,
    dynamic data,
    Map<String, String>? headers,
  }) async {
    
   // convert my certificate to pem

   // openssl x509 -in client.crt -out client.pem 
   // openssl rsa -in client.key -out clientkey.pem
     

    ByteData dataCRT = await rootBundle.load('assets/ca/client.pem');
    ByteData dataKey = await rootBundle.load('assets/ca/clientkey.pem');

    Dio dio = Dio();
    dio.interceptors.add(_interceptor);
    (dio.httpClientAdapter as DefaultHttpClientAdapter).onHttpClientCreate =
        (client) {
      SecurityContext serverContext = SecurityContext();

      serverContext.useCertificateChainBytes(dataCRT.buffer.asUint8List());
      serverContext.usePrivateKeyBytes(dataKey.buffer.asUint8List());
      // use a new client for add the certificate and accept self signed certificate and return it
      var newClient = HttpClient(context: serverContext);
      newClient.badCertificateCallback =
          (X509Certificate cert, String host, int port) => true;
      return newClient;
    };
    logger.i("secureRequest");
    logger.d("path: $path");

    return await dio.request(path,
        data: data,
        queryParameters: queryParameters,
        options: Options(
          headers: headers,
          method: method,
        ));
  }

from dio.

https over self-signed certificate about dio HOT 19 CLOSED

Comments (19)

Console log

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent