You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It seems to be a huge issue on Windows.
I've spend many hours and can reproduce it 100% times.
How to reproduce:
Create an empty app with HTTPs call using this package and address https://anything.cloudfunctions.net (or virtually any other property configured endpoint).
Install a fresh Windows 10 or 11 (VM is fine, I've used a Qemu Proxmox hypervisor). I've used an official image from Microsoft for Windows 10 and 11 Home Edition. All updates are installed. Totally clean installation - no apps installed, no sites were opened.
Build the test app for Windows.
Run it on the test Windows machine.
Expected results:
The call is successful.
Inspect the User Certificates on Windows and see that appropriate root CA certificate is appeared in the Trusted Root Certificate Authorities section. Which means that the Windows root CA certificate lazy load works.
Real results:
The call fails with error "Handshake error in client (OS Error: CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate(../../third_party/boringssl/src/ssl/handshake.cc:393))"
Inspect the User Certificates on Windows and see that appropriate root CA certificate is NOT appeared in the Trusted Root Certificate Authorities. It means that calls from this package does not trigger the Windows root CA certificate lazy load.
Restart the test app because BoringSSL does not load root CA certificates until recreated.
Check the Expected Results (above) and see that call through Windows native SDK works as expected even for the same endpoint.
Please pay attention that this is not about:
Not about self-signed or non-valid certificate.
Not about expired X1 root certificate (aka Letsencrypt).
Not about intermediate connection issues.
I know about a hack with a certificate pinning, but this is not an option since solves issues only with endpoints known at the moment of the building. This is obviously not an ultimate workaround.
It seems to be a huge issue on Windows.
I've spend many hours and can reproduce it 100% times.
How to reproduce:
Expected results:
Real results:
How to prove that this the package issue:
Please pay attention that this is not about:
I know about a hack with a certificate pinning, but this is not an option since solves issues only with endpoints known at the moment of the building. This is obviously not an ultimate workaround.
There is an issue opened for almost a year: dart-lang/sdk#52266
Appreciate your attention on this critical issue since we can clearly reproduce it on our projects.
The text was updated successfully, but these errors were encountered: