Closed amugofjava closed 2 years ago
Hi @amugofjava,
do you have a solution in mind yet?
Just in case: on another project, adding the `ISRG Root X1` certificate as trusted on runtime worked fine.
Hi @Chralu,
There looks to be a couple of ways of doing it. You can call `HttpOverrides.global`, set your own implementation and then handle the cert error callback. Not ideal though.
The second is to add the updated CA to the trusted list which is what I am currently looking at.
How did you add the `ISRG Root X1` certificate to your project?
Adding the Let's Encrypt certificate to the chain seems to work.
You can download the `ISRG Root X1` certificate here.
I used the self-signed PEM.
SecurityContext
I never tested this, but it seems pretty clean to me.
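```dart
// Requires dart:io (SecurityContext) and package:flutter/services.dart (rootBundle).
// Adds the bundled PEM to the process-wide default context.
final cerFile = await rootBundle.load("assets/isrg-root-x1.pem");
SecurityContext.defaultContext.setTrustedCertificatesBytes(
  cerFile.buffer.asUint8List(),
);
```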
`SecurityContext` injected in third party libs
This is the way I used previously. The way to inject `SecurityContext` depends on the HTTP lib used.
```dart
final securityContext = SecurityContext();
final cerFile = await rootBundle.load("assets/isrg-root-x1.pem");
securityContext.setTrustedCertificatesBytes(
  cerFile.buffer.asUint8List(),
);
// Inject securityContext in the HTTP lib/SDK
```
Damn, you were faster than me XD
Thanks @Chralu, that backs up my thoughts on the solution. It does seem to work; however, I have to set the context just before the first time I use it. If I try and set that up in the constructor of my API class it fails. Odd, but hopefully I'll get to the bottom of it. Maybe at construction time the context is not ready.
It might be because of the constructor being `sync`, so it ends before the `await rootBundle.load(...)` is done.
You might have to add a `Future init(){}` method to the API class, and call it during app startup.
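The async-initialisation and trusted-CA approach discussed above, sketched as an added example that is not code from this thread or from the project. The class name `PodcastApi`, its methods and the asset path are hypothetical; it adds the root on top of the platform CA list and leaves certificate verification enabled.

```dart
import 'dart:io';

import 'package:flutter/services.dart' show rootBundle;
import 'package:flutter/widgets.dart' show WidgetsFlutterBinding;

/// Hypothetical API wrapper (name and asset path are assumptions).
class PodcastApi {
  PodcastApi._(this._client);

  final HttpClient _client;

  /// A constructor cannot await, so the PEM is loaded in an async factory
  /// and the object only exists once its trust store is ready.
  static Future<PodcastApi> create() async {
    final pem = await rootBundle.load('assets/isrg-root-x1.pem');

    // withTrustedRoots: true keeps the platform CA list and adds to it.
    // A bare SecurityContext() starts empty and would trust only this root.
    final context = SecurityContext(withTrustedRoots: true);
    try {
      context.setTrustedCertificatesBytes(
        pem.buffer.asUint8List(pem.offsetInBytes, pem.lengthInBytes),
      );
    } on TlsException {
      // Defensive: adding a root the device already trusts can throw.
      // Continue with the platform roots; an unusable PEM then fails closed.
    }

    // No badCertificateCallback is set: chain and hostname checks stay on.
    return PodcastApi._(HttpClient(context: context));
  }

  /// Fetches [url] and returns the HTTP status code.
  Future<int> statusOf(Uri url) async {
    final request = await _client.getUrl(url);
    final response = await request.close();
    await response.drain<void>();
    return response.statusCode;
  }

  void close() => _client.close();
}

Future<void> main() async {
  // rootBundle needs the binding when used before runApp().
  WidgetsFlutterBinding.ensureInitialized();
  final api = await PodcastApi.create();
  api.close();
}
```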
Fixed in latest feature branch. Testing before merging into master.
Describe the bug
Podcasts that use Let's Encrypt as their CA fail to load.
To Reproduce
Steps to reproduce the behavior:
Issue
The Let's Encrypt CA expired at the end of September 2021. This is causing issues with older Android devices which cannot update their list of CAs. Later versions of Android are fine.