
Hello my friends,
I have a problem with adding the self-signed certificate or with the handshake.
Explanation: This app should save the certificate on start-up as a trusted certificate. Everything works up to this point, I think. Then the user is asked to enter his login credentials and click the login button.

Now I am trying to connect to a REST API which has created the certificates. But now this exception message appears:

HandshakeException: Handshake error in client (OS Error:
CERTIFICATE_VERIFY_FAILED: application verification failure(handshake.cc:393))

I can't figure out why this happens, because the certificate is loaded and the server is receiving the handshake request.
When I am not using SSL I can connect to the server without a problem, but I need to use SSL for security reasons.
It also worked on Android without a problem.
Could you please help me and explain why this is not working?

Main.dart

import 'dart:io';

import 'package:flutter/material.dart';
import 'package:flutter/services.dart';

void main() async {
  WidgetsFlutterBinding.ensureInitialized();

  // Load server certificate for TLS connection and set it to trusted
  ByteData data = await rootBundle.load('asset/ca/certPy.pem');
  SecurityContext.defaultContext
      .useCertificateChainBytes(data.buffer.asUint8List());

  runApp(MaterialApp(home: LoginPage()));
}

apiservice.dart

import 'dart:convert';
import 'dart:developer';
import 'dart:io';

import 'package:http/http.dart' as http;

class ApiService {
  // Stores the user list from the server in JSON format
  static var userList;

  void setUserList(dynamic users) {
    userList = users;
  }

  // Called by the login button.
  // It makes a REST API call with authentication and gets the user list in JSON format.
  Future<int> authenticateUser(String username, String password) async {
    final responseJson;
    int loginSuccess = -1;
    String basicAuth =
        'Basic ' + base64Encode(utf8.encode('$username:$password'));

    try {
      var response = await http
          .post(Uri.parse(ApiConstants.userLogin),
              //headers: <String, String>{'authorization': basicAuth},
              body: json.encode({
                'username': username.toString(),
                'password': password.toString(),
              }))
          .timeout(const Duration(seconds: 10));

      log(response.body.toString());

      switch (response.statusCode) {
        case 200:
          responseJson = jsonDecode(response.body);
          setUserList(responseJson);
          loginSuccess = 1;
          break;
        case 401:
          //responseJson = jsonDecode(response.body);
          loginSuccess = 2;
          break;
        default:
          //responseJson = jsonDecode(response.body);
          loginSuccess = 3;
          break;
      }
    } on SocketException {
      log("EXEPTION: A socket exception occoured");
      loginSuccess = 3;
    } catch (e) {
      log(e.toString());
      loginSuccess = 3;
    }
    return loginSuccess;
  }
}
  • You can follow this link: https://stackoverflow.com/questions/54285172/how-to-solve-flutter-certificate-verify-failed-error-while-performing-a-post-req – Hardik Mehta May 17 '22 at 10:31
  • @HardikMehta I know that this solution exists, but the problem is that it isn't very secure, because you are actively ignoring what certificate is sent to you. – Stefan Moser May 17 '22 at 11:29
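
For reference, one way to trust only the bundled certificate while keeping verification switched on, as the last comment asks for. This is an added example, not code from the original post; `buildPinnedClient` and `loadPinnedClient` are hypothetical names, and the asset path is the one used in the question.

```dart
import 'dart:io';
import 'dart:typed_data';

import 'package:flutter/services.dart' show rootBundle;
import 'package:http/http.dart' as http;
import 'package:http/io_client.dart';

/// Hypothetical helper (not from the question): returns an HTTP client that
/// trusts only the CA/self-signed certificate passed in as PEM bytes.
http.Client buildPinnedClient(Uint8List caPem) {
  // withTrustedRoots: false -> the platform CA store is not consulted, so the
  // bundled certificate is the only trust anchor for this client.
  final context = SecurityContext(withTrustedRoots: false);
  try {
    // Trust anchors are added with setTrustedCertificatesBytes.
    // useCertificateChainBytes instead sets the chain this side presents.
    context.setTrustedCertificatesBytes(caPem);
  } on TlsException catch (e) {
    // Fail at start-up if the bundled PEM is malformed, not at first login.
    throw StateError('Bundled CA certificate could not be parsed: $e');
  }
  // badCertificateCallback is deliberately left unset: any verification
  // failure surfaces as a HandshakeException instead of being accepted.
  final inner = HttpClient(context: context)
    ..connectionTimeout = const Duration(seconds: 10);
  return IOClient(inner);
}

/// Loads the asset named in the question and builds the client once.
Future<http.Client> loadPinnedClient() async {
  final ByteData data = await rootBundle.load('asset/ca/certPy.pem');
  return buildPinnedClient(data.buffer.asUint8List());
}
```

Requests have to go through the returned client (`client.post(...)`), because the top-level `http.post` creates its own client and does not see this context. The host name in the URL still has to match a name in the certificate, since trusting the certificate does not turn off host name checking.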

0 Answers