-
Notifications
You must be signed in to change notification settings - Fork 362
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SecurityContext option to pin certificates #1258
Comments
That functionality is not currently available. As a workaround, could you use |
Hi @brianquinlan, But for development I found a workaround. I was able to load the root certificate from the mkcert CA onto the iOS simulator and allow it in the settings. Now I am able to test the application with SSL on the local dev server. For testing on a real device I am running an actual test backend with validated certificate. |
I just ran into the same problem on android. It seems its currently not possible to test anything with a local web server because either Android and iOS prohibit plain HTTP or cronet or cupertino complain about bad certificates. This is is a real problem if you want to do performance tests in a local environment |
@escamoteur are you using an emulator respectively a simulator? Then you can copy your root certificate via drag and drop onto the virtual device. On iOS it is directly on the Home Screen. On Android you go into Security & privacy > More security & privacy (very bottom) > Encryption & credentials > Install a certificate > CA certificate and drop the root certificate there. This implies that you are using a self hosted CA like mkcert. If you are testing on a physical device you have to find a way to get that root certificate onto those phones, but that should be possible as well. |
The problem is to work with an accepted certificate you have to call the API with a domain and not just an IP address AFAIK . When setting up a local test server that is not always the case. As it seems no longer to be possible to bypass https on Android and iOS it should be possible to ignore bad certificate checks |
Hello,
I would like to use the Cupertino_http package to make http calls to our backend server.
For debugging we are running an instance of that server locally.
That server uses an ssl certificate created via an own CA using mkcert.
Is there any possibility to add this certificate like in HttpClient(context: securityContext)?
Otherwise I do get the error
ClientException: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “127.0.0.1” which could put your confidential information at risk., uri=https://127.0.0.1/auth/
Which totally makes sense. Using Android and CronetClient I do have the possibility to pin the certificate through user trusted certificates. Is there anything I can do here?
Thanks in advance!
The text was updated successfully, but these errors were encountered: