[pve-devel] [PATCH proxmox_dart_api_client 1/2] fix: android: use `crone_http` package to honor user custom certificates
Shan Shaji
s.shaji at proxmox.com
Wed Sep 3 13:47:00 CEST 2025
On Wed Sep 3, 2025 at 12:16 PM CEST, Michael Köppl wrote:
> On Tue Sep 2, 2025 at 12:17 PM CEST, Shan Shaji wrote:
>> In android when a user installs a custom certificate the app was not
>> honoring the installed certificate and was still throwing
>> `HandShakeException`.
>>
>> To fix the issue, used the `crone_http` [0] package which will honor the
>
> nit: s/crone_http/cronet_http
Thanks will update it.
> Also: if I understand correctly based on quick search, the regular
> dart:io HttpClient simply doesn't honor user-installed certificates at
> all and there's no way to change that at the moment [0]?
Yes, The `IOClient` doesn't by default honor user installed certificates
however it does honor well known trusted CAs. AFAIU, if we want to still
use the IOClient we will have to manually trust the certificate [2].
> So adding this
> dependency is necessary because it's one of the few ways (or maybe the
> only way at the moment) to allow using user-installed certificates,
> right?
Another solution would be to fetch [0] the user installed certificate by
using method channel and manually trust the certificates [1][2].
Since it worked with `cronet_http` i didn't test with the manual implementation.
[0] - https://github.com/jfly/flutter_user_certificates_android/blob/db81e4ff3222a7db1308ed03c4bc3142c0d271d5/android/src/main/kotlin/com/johnstef/flutter_user_certificates_android/FlutterUserCertificatesAndroidPlugin.kt#L33
[1] - https://api.flutter.dev/flutter/dart-io/SecurityContext/setTrustedCertificatesBytes.html
[2] - https://github.com/jfly/flutter_user_certificates_android/blob/db81e4ff3222a7db1308ed03c4bc3142c0d271d5/lib/flutter_user_certificates_android.dart#L13
> Just asking because I think it's always good to have some
> rationale for additional dependencies. Might make sense to add this to
> the commit message as well, I think.
>
> [0] https://github.com/dart-lang/sdk/issues/50435
>
>> user installed certificates. Used the standalone embedded library [1] of
>> cronet inorder to avoid the dependency on Google Play Services.
>>
>> [0] - https://pub.dev/packages/cronet_http
>> [1] - https://pub.dev/packages/cronet_http#use-embedded-cronet
>>
>> Signed-off-by: Shan Shaji <s.shaji at proxmox.com>
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list