On iOS, when a user installs a custom certificate and manually trusts it
in the certificate trust settings of iOS, the app was not honoring
the installed certificate [0] and was still throwing
`HandshakeException`.

The issue is because the `IOClient` doesn't by default honor user
installed certificate. To fix the issue, used the `cupertino_http` [1]
package which will honor the user installed certificates.
The `cupertino_http` package internally uses the native
iOS URL loading system [2].

- [0] https://support.apple.com/en-us/102390
- [1] https://pub.dev/packages/cupertino_http
- [2] https://developer.apple.com/documentation/foundation/url-loading-system

Signed-off-by: Shan Shaji <s.sh...@proxmox.com>
---
 lib/src/utils_native.dart | 10 +++++++++-
 pubspec.lock              | 18 +++++++++++++++++-
 pubspec.yaml              |  1 +
 3 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/lib/src/utils_native.dart b/lib/src/utils_native.dart
index a4b7397..de66b31 100644
--- a/lib/src/utils_native.dart
+++ b/lib/src/utils_native.dart
@@ -1,4 +1,5 @@
 import 'package:cronet_http/cronet_http.dart';
+import 'package:cupertino_http/cupertino_http.dart';
 import 'package:http/http.dart' as http;
 import 'package:http/io_client.dart' as http_io;
 import 'dart:io';
@@ -6,9 +7,10 @@ import 'dart:io';
 http.Client getCustomIOHttpClient({bool validateSSL = true}) {
   var ioClient = HttpClient();
 
+  const cacheMaxSizeInBytes = 1024 * 1024;
   if (Platform.isAndroid && validateSSL) {
     final engine = CronetEngine.build(
-      cacheMaxSize: 1024 * 1024,
+      cacheMaxSize: cacheMaxSizeInBytes,
       cacheMode: CacheMode.memory,
     );
     return CronetClient.fromCronetEngine(
@@ -17,6 +19,12 @@ http.Client getCustomIOHttpClient({bool validateSSL = true}) 
{
     );
   }
 
+  if (Platform.isIOS && validateSSL) {
+    final config = URLSessionConfiguration.ephemeralSessionConfiguration()
+      ..cache = URLCache.withCapacity(memoryCapacity: cacheMaxSizeInBytes);
+    return CupertinoClient.fromSessionConfiguration(config);
+  }
+
   if (!validateSSL) {
     ioClient.badCertificateCallback =
         ((X509Certificate cert, String host, int port) {
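Review bot: The new `Platform.isIOS && validateSSL` branch has no comment explaining why iOS leaves `dart:io`, and the reason is a trust decision. Per the commit message, certificate validation on this path is done by the native URL loading system, so it accepts CAs the user installed and manually trusted, which the `IOClient` path does not. I would put that above the branch, e.g. `// iOS: use the native URL loading system so user-installed, manually trusted CAs are honored (IOClient ignores them).` It is also worth stating there that the `!validateSSL` case still falls through to the `HttpClient` with `badCertificateCallback`, so the two modes run on different network stacks. The function body continues past the end of this hunk.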
diff --git a/pubspec.lock b/pubspec.lock
index dbedb07..229ce66 100644
--- a/pubspec.lock
+++ b/pubspec.lock
@@ -169,6 +169,14 @@ packages:
       url: "https://pub.dev";
     source: hosted
     version: "3.0.6"
+  cupertino_http:
+    dependency: "direct main"
+    description:
+      name: cupertino_http
+      sha256: 
"72187f715837290a63479a5b0ae709f4fedad0ed6bd0441c275eceaa02d5abae"
+      url: "https://pub.dev";
+    source: hosted
+    version: "2.3.0"
   dart_style:
     dependency: transitive
     description:
@@ -350,6 +358,14 @@ packages:
       url: "https://pub.dev";
     source: hosted
     version: "2.0.2"
+  objective_c:
+    dependency: transitive
+    description:
+      name: objective_c
+      sha256: 
"9f034ba1eeca53ddb339bc8f4813cb07336a849cd735559b60cdc068ecce2dc7"
+      url: "https://pub.dev";
+    source: hosted
+    version: "7.1.0"
   package_config:
     dependency: transitive
     description:
@@ -613,4 +629,4 @@ packages:
     version: "3.1.3"
 sdks:
   dart: ">=3.9.0 <4.0.0"
-  flutter: ">=3.22.0"
+  flutter: ">=3.24.0"
diff --git a/pubspec.yaml b/pubspec.yaml
index 97c4783..9094c4d 100644
--- a/pubspec.yaml
+++ b/pubspec.yaml
@@ -11,6 +11,7 @@ dependencies:
   built_collection: ^5.1.1
   retry: ^3.1.0
   cronet_http: ^1.5.0
+  cupertino_http: ^2.3.0
 
 dev_dependencies:
   lints: ^6.0.0
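Review bot: Adding `cupertino_http: ^2.3.0` also changes what the project requires to build, and this hunk does not record that. The regenerated lockfile in this patch raises the `flutter` floor from `>=3.22.0` to `>=3.24.0` and adds the transitive `objective_c` package. The `environment:` section of pubspec.yaml is not visible here; if it still declares a lower Flutter bound, it should be raised in this commit so that older toolchains fail at resolution with a clear message.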
-- 
2.50.1


