LacticWhale / socks_dart

Socks5 server and client with ability to catch packet in both direction, chain proxies and more.
MIT License

`badCertificateCallback` Not Triggered for Self-Signed Certificates in `SocksSocket.secure` #7

Closed nns52k closed 5 months ago

nns52k commented 5 months ago

If the schema is HTTPS, and the proxy destination provides a self-signed certificate, the invocation `SocksSocket.secure` in line #86 in file `~/.pub-cache/hosted/pub.dev/socks5_proxy-1.0.5+dev.1/lib/src/client/socks_client.dart` will throw a `HandshakeException` of which the message is:

```
HandshakeException: Handshake error in client (OS Error: 
    CERTIFICATE_VERIFY_FAILED: self signed certificate(handshake.cc:393))
```

The `HttpClient` variable that was passed to `SocksTCPClient.assignToHttpClient` has no chance to deal with the certificate. Usually we would expect the `badCertificateCallback` of the `HttpClient` to be triggered to decide whether or not to accept the certificate, but the current behavior is to throw a `HandshakeException` unhandled. There is no option to accept the self-signed certificate, if we want to.

nns52k commented 5 months ago

It turns out that method `HttpClient.badCertificateCallback` is not used. To deal with a bad certificate, pass a callback as the named argument `onBadCertificate` to static method `SocksTCPClient.assignToHttpClientWithSecureOptions`. Sorry for the noise.
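
The `onBadCertificate` route named in the last comment, as an added example that is not part of the thread or the project's own code: the callback accepts only one pinned self-signed certificate instead of every certificate that fails validation. The proxy address, the file `pinned_server.pem` and the URL are hypothetical, and the positional arguments and callback type are assumed to mirror `assignToHttpClient` and `SecureSocket.secure`.

```dart
import 'dart:convert';
import 'dart:io';
import 'dart:typed_data';

import 'package:socks5_proxy/socks_client.dart';

/// Decodes a single PEM-encoded certificate to its DER bytes.
Uint8List pemToDer(String pem) {
  final body = pem
      .split('\n')
      .map((line) => line.trim())
      .where((line) => line.isNotEmpty && !line.startsWith('-----'))
      .join();
  return base64.decode(body);
}

/// Byte-for-byte comparison of two DER encodings.
bool sameBytes(Uint8List a, Uint8List b) {
  if (a.length != b.length) return false;
  for (var i = 0; i < a.length; i++) {
    if (a[i] != b[i]) return false;
  }
  return true;
}

Future<void> main() async {
  // Hypothetical file: the server's self-signed certificate, obtained out of band.
  final pinned = pemToDer(await File('pinned_server.pem').readAsString());

  final client = HttpClient();
  SocksTCPClient.assignToHttpClientWithSecureOptions(
    client,
    [ProxySettings(InternetAddress.loopbackIPv4, 1080)], // assumed local SOCKS5 proxy
    // Invoked only when normal chain validation fails.
    // Accept the pinned certificate and reject everything else.
    onBadCertificate: (X509Certificate cert) => sameBytes(cert.der, pinned),
  );

  try {
    // Placeholder URL for the host that presents the self-signed certificate.
    final request = await client.getUrl(Uri.parse('https://internal.example/'));
    final response = await request.close();
    print('status: ${response.statusCode}');
    await response.drain<void>();
  } on HandshakeException catch (e) {
    // Any certificate other than the pinned one still ends up here.
    print('TLS handshake rejected: $e');
  } finally {
    client.close();
  }
}
```

A callback that simply returns `true` would also silence the `HandshakeException`, but it would accept any certificate presented through the proxy, including one from an intercepting host.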