On Wed Sep 3, 2025 at 12:16 PM CEST, Michael Köppl wrote: > On Tue Sep 2, 2025 at 12:17 PM CEST, Shan Shaji wrote: >> In android when a user installs a custom certificate the app was not >> honoring the installed certificate and was still throwing >> `HandShakeException`. >> >> To fix the issue, used the `crone_http` [0] package which will honor the > > nit: s/crone_http/cronet_http
Thanks will update it. > Also: if I understand correctly based on quick search, the regular > dart:io HttpClient simply doesn't honor user-installed certificates at > all and there's no way to change that at the moment [0]? Yes, The `IOClient` doesn't by default honor user installed certificates however it does honor well known trusted CAs. AFAIU, if we want to still use the IOClient we will have to manually trust the certificate [2]. > So adding this > dependency is necessary because it's one of the few ways (or maybe the > only way at the moment) to allow using user-installed certificates, > right? Another solution would be to fetch [0] the user installed certificate by using method channel and manually trust the certificates [1][2]. Since it worked with `cronet_http` i didn't test with the manual implementation. [0] - https://github.com/jfly/flutter_user_certificates_android/blob/db81e4ff3222a7db1308ed03c4bc3142c0d271d5/android/src/main/kotlin/com/johnstef/flutter_user_certificates_android/FlutterUserCertificatesAndroidPlugin.kt#L33 [1] - https://api.flutter.dev/flutter/dart-io/SecurityContext/setTrustedCertificatesBytes.html [2] - https://github.com/jfly/flutter_user_certificates_android/blob/db81e4ff3222a7db1308ed03c4bc3142c0d271d5/lib/flutter_user_certificates_android.dart#L13 > Just asking because I think it's always good to have some > rationale for additional dependencies. Might make sense to add this to > the commit message as well, I think. > > [0] https://github.com/dart-lang/sdk/issues/50435 > >> user installed certificates. Used the standalone embedded library [1] of >> cronet inorder to avoid the dependency on Google Play Services. >> >> [0] - https://pub.dev/packages/cronet_http >> [1] - https://pub.dev/packages/cronet_http#use-embedded-cronet >> >> Signed-off-by: Shan Shaji <s.sh...@proxmox.com> > > > > _______________________________________________ > pve-devel mailing list > pve-devel@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
