Bypass Certificate Error Using Http

Question

I\'m trying to create a proxy server that access third-party API, but their development end point have certificate error. Is there anyway to bypass ssl error when using http

Answer 1

Error -8172 means that 'Peer's certificate issuer has been marked as not trusted by the user.'

If you had access to the raw socket, then connect method allows you to specify what to do in case of bad certificate by providing onBadCertificate callback. However, I am not sure what is the exact type of http object in your code sample, so i can't tell whether you can workaround this or not. I thought it might be an HttpClient instance but it doesn't have a get method which takes a URI, so I am not sure. If it is your own class, maybe you have access to underlying secure socket so you can still use onBadCertificate.

Additionally, for server sockets, you can't rely on implicit SecureSocket.initialize() call. You need to call it explicitly with certificate db info.

Answer 2

Though this question may be out of date, I should still post a short answer for this, in case of someone in the same trouble. This snippet's from my project:

import 'package:http/http.dart' as http;
import 'package:http/io_client.dart';
...

HttpClient client = new HttpClient()..badCertificateCallback = ((X509Certificate cert, String host, int port) => true);
var ioClient = new IOClient(client);
http.Response resp = await ioClient.post(uri, body: utf8.encode(json.encode(body)), headers: headers);
...

The issue was mentioned here and also the fix.