2

How to Bypass SSL Certificate Verification in flutter?

Error: Handshake Exception: Handshake error in client(OS Error:CERTIFICATE_VERIFY_FAILED:self signed certificate(handshake.cc:345)

Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
Haroon Ahmed
  • 21
  • 1
  • 3
  • Check this post: https://stackoverflow.com/questions/54285172/how-to-solve-flutter-certificate-verify-failed-error-while-performing-a-post-req – Amroun Oct 26 '20 at 08:34

2 Answers2

2

You need to configure your HttpService to work with Self-Signed SSL local servers. Like this:


import 'dart:io';
import 'dart:convert';
class HttpService {
  Future<dynamic> sendRequestToServer(dynamic model, String                         reqType, bool isTokenHeader, String token) async {
      HttpClient client = new HttpClient();
      client.badCertificateCallback =((X509Certificate cert, String  host, int port) => true);
      HttpClientRequest request = await         client.postUrl(Uri.parse("https://${serverConstants.serverUrl}$reqType"));
      request.headers.set('Content-Type', 'application/json');
      if(isTokenHeader){
         request.headers.set('Authorization', 'Bearer $token');
      }
     request.add(utf8.encode(jsonEncode(model)));
     HttpClientResponse result = await request.close();
     if(result.statusCode == 200) {
        return jsonDecode(await result.transform(utf8.decoder)
        .join());
     } else {
        return null;
     }
   }
}

Read more from here.

Akif
  • 7,098
  • 7
  • 27
  • 53
2

It seems that you are using a self signed certificate, which is not trusted by the OS. You can set it as trusted following these steps:

Create a class that overrides HttpOverrides in the following way:

class MyHttpOverrides extends HttpOverrides {
  @override
  HttpClient createHttpClient(SecurityContext context) {
    return super.createHttpClient(context)
          ..badCertificateCallback = (X509Certificate cert, String host, int port) {
            //add your certificate verification logic here
            return true;
          };
  }
}

Then, in your main method, instance your class and set it as the global HttpOverride:

HttpOverrides.global = new DevHttpOverrides();

If badCertificateCallback returns true it will accept all bad certificates; if returns false it will reject a bad certificate.

link. https://stackoverflow.com/a/66268556/11738366

wxkly
  • 141
  • 1
  • 7
  • While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - [From Review](/review/late-answers/31801004) – Dani3le_ May 24 '22 at 12:11