aws-amplify / amplify-flutter

A declarative library with an easy-to-use interface for building Flutter applications on AWS.
https://docs.amplify.aws
Apache License 2.0
1.3k stars 239 forks

Unable to get local issuer certificate when configure Amplify on Windows Devices #4714

Open CarlosEspinozaMaruri opened 2 months ago

CarlosEspinozaMaruri commented 2 months ago

Description

I encountered an issue while configuring Authentication and Analytics in our cross-platform mobile app (Android, iOS, Windows). When attempting Amplify.configure(amplifyConfig), an error is triggered, but this issue is isolated to certain Windows devices. The configuration process works without issues on Android and iOS devices.

Error Details: The error message received is as follows:

flutter: WARN  | Analytics  | Could not update endpoint: NetworkException {
  "message": "The request failed due to a network error.",
  "recoverySuggestion": "Ensure that you have an active network connection",
  "underlyingException": "POST https://cognito-identity.us-west-2.amazonaws.com/? failed: HandshakeException: Handshake error in client (OS Error: \n\tCERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate(../../third_party/boringssl/src/ssl/handshake.cc:393))"
}

In certain cases, reinstalling the app temporarily resolves the issue on affected Windows devices. However, the problem resurfaces consistently after 1-2 days post reinstallation.

Auth error is a similar one with the same underlyingException.

Notes

Connectivity: Stable internet connection via LAN wire.
Windows version: Windows 10 Home

Categories

Steps to Reproduce

Try to configure amplify plugins using Amplify.configure(amplifyConfig)

Platforms

Flutter Version

3.10.0

Amplify Flutter Version

1.7.0 and lower

Deployment Method

Amplify CLI

Schema

No response

NikaHsn commented 2 months ago

@CarlosEspinozaMaruri thanks for taking the time to raise this issue. Can you please share the code for instantiating the plugins you use before calling amplify.configure()?

CarlosEspinozaMaruri commented 2 months ago

@NikaHsn Sure,

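    import 'package:amplify_analytics_pinpoint/amplify_analytics_pinpoint.dart' as pinpoint;
    import 'package:amplify_auth_cognito/amplify_auth_cognito.dart' as auth_cognito;
    import 'package:amplify_flutter/amplify_flutter.dart' as amplify_flutter;

    // `amplifyconfig` is the configuration string generated by the Amplify CLI.
    // The enclosing function name is illustrative; the snippet needs an async context.
    Future<void> configureAmplify() async {
      try {
        await amplify_flutter.Amplify.addPlugins(
          [
            pinpoint.AmplifyAnalyticsPinpoint(),
            auth_cognito.AmplifyAuthCognito(),
          ],
        );
        await amplify_flutter.Amplify.configure(amplifyconfig);
      } on amplify_flutter.AmplifyAlreadyConfiguredException catch (_) {
        print(
            "Tried to reconfigure Amplify; this can occur when your app restarts on Android.");
      }
    }
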
NikaHsn commented 2 months ago

The issue with HTTPS calls failing due to Dart's inability to verify the SSL certificate is a known problem in Dart with an open issue: dart-lang/http/issues/627. Can you please confirm if the devices are set to the correct date/time and they are not using a VPN?

CarlosEspinozaMaruri commented 2 months ago

Yes, all devices are in the correct timezone and not using a VPN.

Jordan-Nelson commented 2 months ago

@CarlosEspinozaMaruri - Apologies for the delay. Can you tell us more about the Windows devices you are experiencing this on? How many devices are you seeing this on? Are they running specific versions of Windows? Are there Windows devices that you are not seeing this issue on?

Jordan-Nelson commented 2 months ago

I think the issue is that Dart does not support root certificates that are installed lazily. This impacts Windows devices. There is an issue open for this with Dart: https://github.com/dart-lang/sdk/issues/52266

It is possible that we could work around this by including the root certificates required by AWS services in Amplify Flutter. See https://github.com/realm/realm-dart/commit/8792ffffc9b9a53f4534a326d33cc3da94c1ed15 for an example of how this could be done.

Another option would be to allow developers to provide their own http client so they could work around this.

I am going to mark this as a feature request for the time being. If you can provide us with more info about the devices you are seeing this on, or the frequency at which it occurs, that would be helpful in determining the priority of supporting this.

It is not clear to me why this would resurface on the same device. If you can provide more details around that it would be helpful as well.
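
One way an application could apply the bundled-root workaround mentioned in the comment above, shown as an added example that is not part of the thread and not Amplify Flutter's or realm-dart's code. The asset path and class name are hypothetical, and it assumes that Amplify's requests on Windows are made through `dart:io` `HttpClient` so that `HttpOverrides` applies to them.

```dart
import 'dart:io';

import 'package:flutter/services.dart' show rootBundle;
import 'package:flutter/widgets.dart' show WidgetsFlutterBinding;

// Hypothetical asset: a PEM file with the root CA certificates the app's AWS
// endpoints chain to, obtained from the CA's official repository, verified
// against its published fingerprints, and listed under `assets:` in
// pubspec.yaml.
const rootCaAsset = 'assets/certs/aws_root_cas.pem';

/// Hypothetical class: adds the bundled roots to every dart:io HttpClient.
class BundledRootsOverrides extends HttpOverrides {
  BundledRootsOverrides(this.pemBytes);

  final List<int> pemBytes;

  @override
  HttpClient createHttpClient(SecurityContext? context) {
    // Keep the OS trust store and extend it, so chain validation still runs
    // and only the issuer that Windows has not installed yet is supplied.
    final ctx = context ?? SecurityContext(withTrustedRoots: true);
    try {
      ctx.setTrustedCertificatesBytes(pemBytes);
    } on TlsException catch (e) {
      // A root that is already in the context is reported by BoringSSL as a
      // duplicate, which is harmless. Anything else (for example a malformed
      // PEM file) must not be hidden.
      if (!e.toString().contains('CERT_ALREADY_IN_HASH_TABLE')) rethrow;
    }
    // badCertificateCallback is deliberately left unset: a callback that
    // returns true would accept any certificate and disable TLS validation.
    return super.createHttpClient(ctx);
  }
}

Future<void> main() async {
  WidgetsFlutterBinding.ensureInitialized(); // required before rootBundle
  final pem = await rootBundle.load(rootCaAsset);
  HttpOverrides.global = BundledRootsOverrides(
    pem.buffer.asUint8List(pem.offsetInBytes, pem.lengthInBytes),
  );
  // Register the Amplify plugins and call Amplify.configure(...) after this
  // point, then runApp(...), so clients created later pick up the override.
}
```

Bundled roots have to be refreshed with app updates when the CA rotates or retires them, which is why the OS store is kept as the primary source here.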

CarlosEspinozaMaruri commented 1 month ago

Hello @Jordan-Nelson, the error occurs across some client's devices. The available information suggests they are running on Windows 10 (not sure if running with a Windows license). However, it's worth noting that there are instances where it works seamlessly on both Windows 10 and 11 devices.

Jordan-Nelson commented 1 month ago

Hi @CarlosEspinozaMaruri, thanks for the info. If you are able to find out any more info about the devices that this occurs on, please let us know. For now we are going to track this as a feature request because it seems like the issue is how Windows/Dart handles root certs. There might be a way to work around it, but ideally this is resolved in the Dart SDK.