grpc / grpc-dart

The Dart language implementation of gRPC.
https://pub.dev/packages/grpc
Apache License 2.0

ChannelCredentials.secure certificate option documentation #456

Open matejkramny opened 3 years ago

matejkramny commented 3 years ago

I had an issue like some others have pointed out when connecting through a custom certificate trust store. Using it resulted in a HandshakeException (CERTIFICATE_VERIFY_FAILED).

Digging through my local files leads me to security_context.dart within a sky_engine package (which doesn't seem to exist anywhere). This Flutter doc explains that using a PEM formatted certificate won't work on iOS devices: setTrustedCertificates

It may be worth adding this to the documentation to assist with other similar issues.

mraleph commented 3 years ago

@matejkramny Yeah, I agree that documentation could be somewhat improved at least to refer to the core libraries doc. Feel free to submit PR expanding it.

davidbnk commented 3 years ago

So how do you create a channel with a self-signed certificate? The ChannelCredentials constructor doesn't accept a SecurityContext and instead creates its own.

matejkramny commented 3 years ago

@davidbnk there's another issue with code sample to extend ChannelOptions and specify how you want to dial the connection.

Btw I've tried what you're looking for and gave up with self-signed certificates. They worked fine on Android but iOS couldn't connect. Tried with DER/PEM and pkcs12 formatted der certificate to no avail. If you find a solution let me know!

The "solution" everyone is suggesting is to add the "onBadCertificate" callback and allow bad certificates through, which works for development, but not if you want to connect through the internet using a self-signed certificate.

matejkramny commented 3 years ago

> @matejkramny Yeah, I agree that documentation could be somewhat improved at least to refer to the core libraries doc. Feel free to submit PR expanding it.

I will do, is this over here or at the grpc/grpc.io project? Thanks

davidbnk commented 3 years ago

> @davidbnk there's another issue with code sample to extend ChannelOptions and specify how you want to dial the connection.
>
> Btw I've tried what you're looking for and gave up with self-signed certificates. They worked fine on Android but iOS couldn't connect. Tried with DER/PEM and pkcs12 formatted der certificate to no avail. If you find a solution let me know!
>
> The "solution" everyone is suggesting is to add the "onBadCertificate" callback and allow bad certificates through, which works for development, but not if you want to connect through the internet using a self-signed certificate.

Did you follow the new requirements?

matejkramny commented 3 years ago

@davidbnk ah ha, thanks a lot!

I made a certificate valid for 3650 days, which is over the limit of 875 days.

Btw I supplied the certificate in the ChannelOptions certificate option and passed a password for pkcs12, which worked for Android as mentioned.

mraleph commented 3 years ago

> I will do, is this over here or at the grpc/grpc.io project? Thanks

Over here. Just add information in a doc-comment on ChannelCredentials.secure.

ChokWah commented 3 years ago

validateBadCertificate: I overrode it to return true. It didn't work. There was no response, neither error nor success.

Den-creator commented 1 year ago

> @davidbnk there's another issue with code sample to extend ChannelOptions and specify how you want to dial the connection.
>
> Btw I've tried what you're looking for and gave up with self-signed certificates. They worked fine on Android but iOS couldn't connect. Tried with DER/PEM and pkcs12 formatted der certificate to no avail. If you find a solution let me know!
>
> The "solution" everyone is suggesting is to add the "onBadCertificate" callback and allow bad certificates through, which works for development, but not if you want to connect through the internet using a self-signed certificate.
>
> Did you follow the new requirements?

I have the same issue. I am not using an SSL certificate, but a CA certificate. Everything works fine on Android, but on iOS it does not work.
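For reference, an added example (not code from this thread or from the grpc-dart project) showing the `certificates` option of `ChannelCredentials.secure` discussed above, next to an `onBadCertificate` handler that accepts only one known certificate instead of returning true for all of them. The file path, host name and helper names are hypothetical.

```dart
import 'dart:io';
import 'dart:typed_data';

import 'package:grpc/grpc.dart';

// Hypothetical values for illustration only.
const certPath = 'certs/server.der'; // DER file, since the thread notes PEM is not accepted on iOS
const host = 'grpc.example.internal';

/// Byte-for-byte comparison of two DER encodings.
bool sameDer(Uint8List presented, Uint8List pinned) {
  if (presented.length != pinned.length) return false;
  for (var i = 0; i < pinned.length; i++) {
    if (presented[i] != pinned[i]) return false;
  }
  return true;
}

/// Option 1: add the bundled certificate to the trust store used for the
/// handshake. Normal chain and validity checks still apply.
ClientChannel trustedChannel(Uint8List certBytes) => ClientChannel(
      host,
      port: 443,
      options: ChannelOptions(
        credentials: ChannelCredentials.secure(certificates: certBytes),
      ),
    );

/// Option 2: when verification fails, accept the certificate only if it is
/// exactly the bundled one. Any other rejected certificate stays rejected,
/// unlike a handler that always returns true.
ClientChannel pinnedChannel(Uint8List pinnedDer) => ClientChannel(
      host,
      port: 443,
      options: ChannelOptions(
        credentials: ChannelCredentials.secure(
          onBadCertificate: (X509Certificate cert, String _) =>
              sameDer(cert.der, pinnedDer),
        ),
      ),
    );

Future<void> main() async {
  final der = File(certPath).readAsBytesSync();
  final channel = trustedChannel(der); // or pinnedChannel(der)
  // Pass `channel` to a generated client stub here.
  await channel.shutdown();
}
```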