Hi,
I am trying to connect to a signalR service and encountered with an error as below.
HandshakeException: Handshake error in client (OS Error:
Any help on this?
Hi,
We’re also seeing this error, if a user is running a VPN disabling it can sometimes help.
This issue on GitHub may be related:
opened 10:50AM - 25 Aug 21 UTC
engine
dependency: dart
platform-windows
a: desktop
a: release
P2
team-windows
triaged-windows
I've made a flutter desktop app, build it in a Release mode and decided to test … in on Windows' SandBox. The problem is that any https request to any server leads to "Handshake error in client (OS Error: CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate(handshake.cc:363))" error. If this happens on an official SandBox, it also might happen on default Windows version of some user. In this example i'm making request to Google Analytics server and encounter this error.
<details>
<summary>minimal code sample</summary>
```dart
import 'dart:io';
import 'package:flutter/material.dart';
void main() => runApp(MyApp());
class MyApp extends StatefulWidget {
@override
_MyAppState createState() => _MyAppState();
}
class _MyAppState extends State<MyApp> {
String text = 'No errors!';
@override
void initState() {
WidgetsBinding.instance?.addPostFrameCallback((timeStamp) async {
try {
HttpClientRequest request = await HttpClient().postUrl(Uri.parse(
'https://www.google-analytics.com/mp/collect?measurement_id=test&api_secret=test2'));
HttpClientResponse response = await request.close();
setState(() => text = 'Request was successfully sent to the Google server. Status code: ${response.statusCode.toString()}');
} catch (error) {
setState(() => text = error.toString());
}
});
super.initState();
}
@override
Widget build(BuildContext context) {
return MaterialApp(
title: 'Material App',
home: Scaffold(
appBar: AppBar(
title: Text('Material App Bar'),
),
body: Center(
child: Container(
child: Text(text),
),
),
),
);
}
}
```
</details>
<details>
<summary>preview</summary>
Sandbox:
My pc:
</details>
I also found a solution to this problem but i'm not sure that it's safe to allow any certificate to be used
```dart
class FixSSLOverride extends HttpOverrides {
@override
HttpClient createHttpClient(SecurityContext? context) {
return super.createHttpClient(context)
..badCertificateCallback =
(X509Certificate cert, String host, int port) => true;
}
}
HttpOverrides.global = FixSSLOverride();
```
Flutter doctor -v
<details>
<summary>flutter doctor -v</summary>
```console
[√] Flutter (Channel stable, 2.2.3, on Microsoft Windows [Version 10.0.19043.1165], locale en-US)
• Flutter version 2.2.3 at C:\Install\flutter
• Framework revision f4abaa0735 (8 weeks ago), 2021-07-01 12:46:11 -0700
• Engine revision 241c87ad80
• Dart version 2.13.4
[√] Android toolchain - develop for Android devices (Android SDK version 30.0.3)
• Android SDK at C:\Users\karnm\AppData\Local\Android\sdk
• Platform android-30, build-tools 30.0.3
• Java binary at: C:\Install\Android Studio\jre\bin\java
• Java version OpenJDK Runtime Environment (build 11.0.10+0-b96-7249189)
• All Android licenses accepted.
[√] Chrome - develop for the web
• Chrome at C:\Program Files\Google\Chrome\Application\chrome.exe
[√] Visual Studio - develop for Windows (Visual Studio Community 2019 16.9.4)
• Visual Studio at C:\Program Files (x86)\Microsoft Visual Studio\2019\Community
• Visual Studio Community 2019 version 16.9.31205.134
• Windows 10 SDK version 10.0.19041.0
[√] Android Studio (version 4.1.0)
• Android Studio at C:\Install\Android Studio
• Flutter plugin can be installed from:
https://plugins.jetbrains.com/plugin/9212-flutter
• Dart plugin can be installed from:
https://plugins.jetbrains.com/plugin/6351-dart
• Java version OpenJDK Runtime Environment (build 11.0.10+0-b96-7249189)
[√] IntelliJ IDEA Ultimate Edition (version 2021.1)
• IntelliJ at C:\Install\IntelliJ IDEA 2020.3.1
• Flutter plugin version 58.0.3
• Dart plugin version 211.7727
[√] Connected device (3 available)
• Windows (desktop) • windows • windows-x64 • Microsoft Windows [Version 10.0.19043.1165]
• Chrome (web) • chrome • web-javascript • Google Chrome 91.0.4472.77
• Edge (web) • edge • web-javascript • Microsoft Edge 92.0.902.78
• No issues found!
```
</details>
SSL certificates are explicitly tied to hostnames. If you’re connecting to serverA.com and you get a certificate that says serverB.com, you’ll see this error.
The answer to why you’re getting a mismatched hostname in the certificate could be a million different reasons. I know that, for myself, I use a secure DNS server with a blocklist. If I try to connect to a site on the blocklist, my DNS server will return a block page with an SSL certificate (that doesn’t match the original hostname). This is just one example of what could be happening.
1 Like
To solve this issue use badCertificateCallback To temporarily bypass SSL validation during development, you can override the default HTTP behavior :
class MyHttpOverrides extends HttpOverrides {
@override
HttpClient createHttpClient(SecurityContext? context) {
return super.createHttpClient(context)
..badCertificateCallback = (X509Certificate cert, String host, int port) => true;
}
}
in main.dart and use it as
void main(){
WidgetsFlutterBinding.ensureInitialized(); // use it here
runApp(GetMaterialApp(
title: '',
theme: ThemeData(
useMaterial3: true,
primarySwatch: Colors.blue,
),
debugShowCheckedModeBanner: false,
home: Screen() ,
));
}
Note : This approach should only be used for testing or development environments.Never use this method in production builds
Also I think the override doesn’t work if you use the new native http_clients
You’re absolutely right — the standard override approach work if you’re using the new native HTTP client introduced via :
import ‘dart:io’;
CERTIFICATE_VERIFY_FAILED: Hostname mismatch(handshake.cc:393))