Handshake error in client : CERTIFICATE_VERIFY_FAILED Self signed certificate in flutter

Asked 29/4, 2020 at 15:8 Answered 3/10, 2021 at 16:51

I am making an https post Request from my flutter app. as there I am using a self signed SSL certificate in server so when I hit the API I am receiving status code as 405, that I am not able to connect,

If I used HTTP package, I am getting bellow exception,

HandshakeException: Handshake error in client (OS Error: I/flutter ( 7107): CERTIFICATE_VERIFY_FAILED: self signed certificate(handshake.cc:352))

when I tried with deo package I am getting 405 status code, below is the code for that,

Response response;
    final Dio dio = Dio();
    (dio.httpClientAdapter as DefaultHttpClientAdapter).onHttpClientCreate =
    (HttpClient client) {
  client.badCertificateCallback =
      (X509Certificate cert, String host, int port) => true;
  return client;
};
  response = await dio.post(loginURL, data: {"username": username, "password": password});
  print(response.data.toString());
  print(response.statusCode);

I tried to avoid the SSL handshake by making

 client.badCertificateCallback =
          (X509Certificate cert, String host, int port) => true;

Still its not working any other solution?

Turnage answered 29/4, 2020 at 15:8 Comment(1)

My guess is that your dio request is actually connecting OK (and your call back is working as you expect - returning true - you can check with a print statement of course). So the 405 is coming from the web server. The HTTPS connection was successful and the server responded that it didn't like your request. When you are using http you aren't specifying the callback, so you get the bad certificate exception as expected. It seems, with dio, that you are getting further than you think and now it's time to look at the server to confirm that it received the request. – Czar 29/4, 2020 at 16:40

This works for me

void main() {
  HttpOverrides.global = new MyHttpOverrides();
  runApp(MyApp());
}

class MyHttpOverrides extends HttpOverrides{
  @override
  HttpClient createHttpClient(SecurityContext context){
    return super.createHttpClient(context)
      ..badCertificateCallback = (X509Certificate cert, String host, int port)=> true;
  }
}

class MyApp extends StatelessWidget {
.....

Drench answered 3/10, 2021 at 16:51 Comment(1)

import dart:io; – Pavkovic 3/2, 2022 at 21:46

    DioForNative dio = DioForNative();
    DefaultHttpClientAdapter httpClient = dio.httpClientAdapter;
    httpClient.onHttpClientCreate = (HttpClient client) {
      client.badCertificateCallback =
          (X509Certificate cert, String host, int port) {
        return true;
      };
    };

and then you can make dio.post and dio.get requests.

Hobnob answered 16/9, 2021 at 12:50 Comment(0)

As previously mentioned in the comments, the HTTP request gets through since it returns a 405 error. HTTP error 405 usual points is usually defined as "Method not allowed", and commonly caused by incorrect request method. You may want to check with the server if it can receive the request that you're sending.

Bushwhacker answered 13/5, 2021 at 13:0 Comment(0)

Recommended topics

Hot tags