5

Can anyone help me get past this example with a self-signed cert? I need to be able to allow my users to accept a self-signed cert if that is what they are using.

I am using the example from: https://flutter.io/cookbook/networking/web-sockets/

Everything works fine if the SSL cert is valid or SSL is not used. I just need to get past the self-signed hump.

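```dart
import 'package:flutter/material.dart';
import 'package:web_socket_channel/io.dart';

class MyApp extends StatelessWidget {
  @override
  Widget build(BuildContext context) {
    final title = 'WebSocket Demo';
    // Typed map so it can be passed as the `headers` argument below.
    final Map<String, dynamic> headers = {};
    headers["XXXXXX"] = "XXXX";
    headers["XXXXXX"] = "13";
    headers["Origin"] = "XXXXXX";
    headers["Authorization"] = "XXXXXX";
    return MaterialApp(
      title: title,
      // MyHomePage is the widget from the cookbook example linked above.
      home: MyHomePage(
        title: title,
        channel: IOWebSocketChannel.connect(
            'wss://10.1.1.154:443/rest/subscribe',
            headers: headers),
      ),
    );
  }
}
```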

3 Answers

5

This is a great temporary fix! It works on a local IP with a self-signed certificate. (Please modify the badCertificateCallback to your needs.)

```dart
import 'dart:io';

import 'package:flutter/material.dart';

class MyHttpOverrides extends HttpOverrides {
  @override
  HttpClient createHttpClient(SecurityContext? context) {
    // Applies to every HttpClient the app creates once set as the global override.
    return super.createHttpClient(context)
      ..badCertificateCallback =
          (X509Certificate cert, String host, int port) => true; // add your localhost detection logic here if you want
  }
}

void main() {
  HttpOverrides.global = MyHttpOverrides();
  runApp(MaterialApp(home: MyApp()));
}
```
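A narrower form of the callback above, as an added example that is not part of the original answer or the Flutter cookbook: it accepts a certificate that failed validation only when its SHA-256 fingerprint matches one the user approved for that exact host and port, and it leaves `HttpOverrides.global` untouched. The names `pinnedFingerprints`, `fingerprintOf`, `isPinned`, `pinnedClient` and `connectPinned` are hypothetical, `package:crypto` is an assumed dependency, and the fingerprint value is a placeholder.

```dart
import 'dart:io';

import 'package:crypto/crypto.dart'; // assumed dependency: package:crypto

/// Hypothetical store of certificates the user has explicitly approved,
/// keyed by "host:port". The fingerprint value is a placeholder.
final Map<String, String> pinnedFingerprints = {
  '10.1.1.154:443': '<sha256-hex-of-the-approved-certificate>',
};

/// Lowercase hex SHA-256 of the certificate's DER encoding.
String fingerprintOf(X509Certificate cert) =>
    sha256.convert(cert.der).toString();

/// Called only for certificates that failed normal validation.
/// Accepts the certificate only if it is the exact one pinned for this
/// host and port; anything else stays rejected.
bool isPinned(X509Certificate cert, String host, int port) {
  final expected = pinnedFingerprints['$host:$port'];
  return expected != null && expected == fingerprintOf(cert);
}

/// Dedicated client for the pinned endpoint. Every other connection in
/// the app keeps the platform's default certificate validation.
HttpClient pinnedClient() => HttpClient()..badCertificateCallback = isPinned;

/// Opens the WebSocket through the pinned client instead of a global override.
Future<WebSocket> connectPinned(Uri url, Map<String, dynamic> headers) =>
    WebSocket.connect(url.toString(),
        headers: headers, customClient: pinnedClient());
```

To record a pin, show the user the fingerprint of the rejected certificate and store it only after they confirm it against the device out of band.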

1

I don't think you will find a way to get many websocket clients to accept a self-signed certificate, and I don't see a way to do it with this specific library. It's not exactly an answer to your question, but I wanted to mention that signed certificates are available for free now (https://letsencrypt.org/). I don't know if that's an option for you and/or your users. Other than that, I am not familiar with the language so I cannot be of much help. I cannot believe that you would wish to disable validation of the certificates, though. It really seems like the best solution would be to avoid using self-signed certificates.

1 Comment

Yep. letsencrypt is very useful. NOTE: This is an attempt at a re-write for an already running app to make it one code base. The problem is the hardware that my app runs on does not make it simple to use the letsencrypt script. We've asked for the ability but it's not happening. So, a lot of the userbase simply just uses a self-signed cert and calls it good as long as they have an encryption barrier for message transmission. It's too bad. I was really liking the idea of trying to pull this off in flutter.
0

To accept a self-signed certificate, a user must add it to their own trusted certificate storage, i.e. take an explicit action.

If you use Let's Encrypt, keep in mind that some non-up-to-date boxes/installations must add the Let's Encrypt CA to trusted storage before they can verify your certificate, which is also an explicit action.

That said, Let's Encrypt is always a great choice when making any HTTPS/TLS/... decisions.
