* [pve-devel] [PATCH proxmox_dart_api_client 0/2] fix: ios: add support for custom user certificates
@ 2025-09-08 14:11 Shan Shaji
  2025-09-08 14:11 ` [pve-devel] [PATCH proxmox_dart_api_client 1/2] fix: ios: use `cupertino_http` package to honor " Shan Shaji
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Shan Shaji @ 2025-09-08 14:11 UTC (permalink / raw)
  To: pve-devel

The app was not honoring the user-installed certificate and was still
throwing `HandshakeException` when using `IOClient`. In order to fix the
issue, the `cupertino_http` package is used. This patch series only includes
the changes specific to iOS. Android-related changes can be found here
[0].

- [0] https://lore.proxmox.com/pve-devel/DCKQF7FSYTGT.HK16P9PBZEDS@proxmox.com/T/#t

I've only tested the changes in the simulator so far. I'll also deploy 
the changes to TestFlight and verify everything on a real device as well.

Shan Shaji (2):
  fix: ios: use `cupertino_http` package to honor custom user certificates
  fix: ios: add explicit throw of `HandshakeException`

 lib/src/authenticate.dart | 35 ++++++++++-----
 lib/src/utils_native.dart |  7 +++
 pubspec.lock              | 89 ++++++++++++++++++++++++++++++++++++---
 pubspec.yaml              |  1 +
 4 files changed, 115 insertions(+), 17 deletions(-)

-- 
2.50.1



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel



* [pve-devel] [PATCH proxmox_dart_api_client 1/2] fix: ios: use `cupertino_http` package to honor custom user certificates
  2025-09-08 14:11 [pve-devel] [PATCH proxmox_dart_api_client 0/2] fix: ios: add support for custom user certificates Shan Shaji
@ 2025-09-08 14:11 ` Shan Shaji
  2025-09-08 14:11 ` [pve-devel] [PATCH proxmox_dart_api_client 2/2] fix: ios: add explicit throw of `HandshakeException` Shan Shaji
  2025-09-09  9:58 ` [pve-devel] [PATCH proxmox_dart_api_client 0/2] fix: ios: add support for custom user certificates Shan Shaji
  2 siblings, 0 replies; 4+ messages in thread
From: Shan Shaji @ 2025-09-08 14:11 UTC (permalink / raw)
  To: pve-devel

On iOS, when a user installs a custom certificate and manually trusts it
in the iOS certificate trust settings, the app was not
honoring the installed certificate [0] and was still throwing
`HandshakeException`.

The issue is that the `IOClient` doesn't honor user-installed
certificates by default. To fix the issue, use the `cupertino_http` [1]
package, which will honor the user-installed certificates.
The `cupertino_http` package internally uses the native
iOS URL loading system [2].

- [0] https://support.apple.com/en-us/102390
- [1] https://pub.dev/packages/cupertino_http
- [2] https://developer.apple.com/documentation/foundation/url-loading-system

Signed-off-by: Shan Shaji <s.shaji@proxmox.com>
---
 lib/src/utils_native.dart |  7 +++
 pubspec.lock              | 89 ++++++++++++++++++++++++++++++++++++---
 pubspec.yaml              |  1 +
 3 files changed, 90 insertions(+), 7 deletions(-)

diff --git a/lib/src/utils_native.dart b/lib/src/utils_native.dart
index 2ece3a3..736d9f5 100644
--- a/lib/src/utils_native.dart
+++ b/lib/src/utils_native.dart
@@ -1,3 +1,4 @@
+import 'package:cupertino_http/cupertino_http.dart';
 import 'package:http/http.dart' as http;
 import 'package:http/io_client.dart' as http_io;
 import 'dart:io';
@@ -5,6 +6,12 @@ import 'dart:io';
 http.Client getCustomIOHttpClient({bool validateSSL = true}) {
   var ioClient = HttpClient();
 
+  if (Platform.isIOS && validateSSL) {
+    final config = URLSessionConfiguration.ephemeralSessionConfiguration()
+      ..cache = URLCache.withCapacity(memoryCapacity: 1024 * 1024);
+    return CupertinoClient.fromSessionConfiguration(config);
+  }
+
   if (!validateSSL) {
     ioClient.badCertificateCallback =
         ((X509Certificate cert, String host, int port) {
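Review bot: `var ioClient = HttpClient();` in the context line above the new branch still runs before the iOS early return, so on iOS with `validateSSL` true an `HttpClient` is allocated and then dropped without being closed. Moving the `if (Platform.isIOS && validateSSL)` block to the top of `getCustomIOHttpClient` avoids that. A short comment would also help on two points the commit message leaves open: that iOS with `validateSSL: false` falls through to the `IOClient` path with `badCertificateCallback`, and why the ephemeral session is given a 1 MiB in-memory `URLCache`.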
diff --git a/pubspec.lock b/pubspec.lock
index 857f2bc..723832c 100644
--- a/pubspec.lock
+++ b/pubspec.lock
@@ -113,6 +113,14 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "8.9.2"
+  characters:
+    dependency: transitive
+    description:
+      name: characters
+      sha256: f71061c654a3380576a52b451dd5532377954cf9dbd272a78fc8479606670803
+      url: "https://pub.dev"
+    source: hosted
+    version: "1.4.0"
   checked_yaml:
     dependency: transitive
     description:
@@ -133,10 +141,10 @@ packages:
     dependency: transitive
     description:
       name: collection
-      sha256: ee67cb0715911d28db6bf4af1026078bd6f0128b07a5f66fb2ed94ec6783c09a
+      sha256: "2f5709ae4d3d59dd8f7cd309b4e023046b57d8a6c82130785d2b0e5868084e76"
       url: "https://pub.dev"
     source: hosted
-    version: "1.18.0"
+    version: "1.19.1"
   convert:
     dependency: transitive
     description:
@@ -161,6 +169,14 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "3.0.3"
+  cupertino_http:
+    dependency: "direct main"
+    description:
+      name: cupertino_http
+      sha256: "72187f715837290a63479a5b0ae709f4fedad0ed6bd0441c275eceaa02d5abae"
+      url: "https://pub.dev"
+    source: hosted
+    version: "2.3.0"
   dart_style:
     dependency: transitive
     description:
@@ -169,6 +185,14 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "2.3.6"
+  ffi:
+    dependency: transitive
+    description:
+      name: ffi
+      sha256: "289279317b4b16eb2bb7e271abccd4bf84ec9bdcbe999e278a94b804f5630418"
+      url: "https://pub.dev"
+    source: hosted
+    version: "2.1.4"
   file:
     dependency: transitive
     description:
@@ -185,6 +209,11 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "1.1.0"
+  flutter:
+    dependency: transitive
+    description: flutter
+    source: sdk
+    version: "0.0.0"
   frontend_server_client:
     dependency: transitive
     description:
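Review bot: the `flutter` entry with `source: sdk` added here means this client library now resolves against the Flutter SDK. If `proxmox_dart_api_client` is meant to stay usable from plain Dart, that is a behaviour change that belongs in the commit message. An alternative is to have the iOS app build the `CupertinoClient` itself and pass it in through the existing `httpClient` parameter, so the plugin is not a dependency of this package.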
@@ -213,10 +242,10 @@ packages:
     dependency: "direct main"
     description:
       name: http
-      sha256: "761a297c042deedc1ffbb156d6e2af13886bb305c2a343a4d972504cd67dd938"
+      sha256: bb2ce4590bc2667c96f318d68cac1b5a7987ec819351d32b1c987239a815e007
       url: "https://pub.dev"
     source: hosted
-    version: "1.2.1"
+    version: "1.5.0"
   http_multi_server:
     dependency: transitive
     description:
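Review bot: `http` moves from 1.2.1 to 1.5.0 here, and `collection` and `meta` are bumped in neighbouring hunks, none of which the commit message mentions. If these upgrades are only a side effect of resolving `cupertino_http`, say so in the commit message; otherwise split them into their own commit so the dependency change can be reviewed and reverted separately.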
@@ -233,6 +262,14 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "4.0.2"
+  http_profile:
+    dependency: transitive
+    description:
+      name: http_profile
+      sha256: "7e679e355b09aaee2ab5010915c932cce3f2d1c11c3b2dc177891687014ffa78"
+      url: "https://pub.dev"
+    source: hosted
+    version: "0.1.0"
   io:
     dependency: transitive
     description:
@@ -281,14 +318,22 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "0.12.16+1"
+  material_color_utilities:
+    dependency: transitive
+    description:
+      name: material_color_utilities
+      sha256: f7142bb1154231d7ea5f96bc7bde4bda2a0945d2806bb11670e30b850d56bdec
+      url: "https://pub.dev"
+    source: hosted
+    version: "0.11.1"
   meta:
     dependency: transitive
     description:
       name: meta
-      sha256: "25dfcaf170a0190f47ca6355bdd4552cb8924b430512ff0cafb8db9bd41fe33b"
+      sha256: e3641ec5d63ebf0d9b41bd43201a66e3fc79a65db5f61fc181f04cd27aab950c
       url: "https://pub.dev"
     source: hosted
-    version: "1.14.0"
+    version: "1.16.0"
   mime:
     dependency: transitive
     description:
@@ -305,6 +350,14 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "2.0.2"
+  objective_c:
+    dependency: transitive
+    description:
+      name: objective_c
+      sha256: "9f034ba1eeca53ddb339bc8f4813cb07336a849cd735559b60cdc068ecce2dc7"
+      url: "https://pub.dev"
+    source: hosted
+    version: "7.1.0"
   package_config:
     dependency: transitive
     description:
@@ -385,6 +438,11 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "1.0.4"
+  sky_engine:
+    dependency: transitive
+    description: flutter
+    source: sdk
+    version: "0.0.0"
   source_gen:
     dependency: transitive
     description:
@@ -497,6 +555,14 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "1.3.2"
+  vector_math:
+    dependency: transitive
+    description:
+      name: vector_math
+      sha256: "80b3257d1492ce4d091729e3a67a60407d227c27241d6927be0130c98e741803"
+      url: "https://pub.dev"
+    source: hosted
+    version: "2.1.4"
   vm_service:
     dependency: transitive
     description:
@@ -521,6 +587,14 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "0.5.1"
+  web_socket:
+    dependency: transitive
+    description:
+      name: web_socket
+      sha256: "34d64019aa8e36bf9842ac014bb5d2f5586ca73df5e4d9bf5c936975cae6982c"
+      url: "https://pub.dev"
+    source: hosted
+    version: "1.0.1"
   web_socket_channel:
     dependency: transitive
     description:
@@ -546,4 +620,5 @@ packages:
     source: hosted
     version: "3.1.2"
 sdks:
-  dart: ">=3.3.0 <4.0.0"
+  dart: ">=3.7.0 <4.0.0"
+  flutter: ">=3.24.0"
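Review bot: the `sdks` floor rises from Dart `>=3.3.0` to `>=3.7.0` and gains `flutter: ">=3.24.0"`, which raises the minimum toolchain for every consumer of the package, not only iOS builds. The commit message should state the new minimum, and the `environment` constraint in `pubspec.yaml` should be checked against it, since the `pubspec.yaml` hunk only adds the dependency line.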
diff --git a/pubspec.yaml b/pubspec.yaml
index 7b61edc..b8ff9fc 100644
--- a/pubspec.yaml
+++ b/pubspec.yaml
@@ -10,6 +10,7 @@ dependencies:
   built_value: ^8.4.2
   built_collection: ^5.1.1
   retry: ^3.1.0
+  cupertino_http: ^2.3.0
 
 dev_dependencies:
   lints: ^3.0.0
-- 
2.50.1




* [pve-devel] [PATCH proxmox_dart_api_client 2/2] fix: ios: add explicit throw of `HandshakeException`
  2025-09-08 14:11 [pve-devel] [PATCH proxmox_dart_api_client 0/2] fix: ios: add support for custom user certificates Shan Shaji
  2025-09-08 14:11 ` [pve-devel] [PATCH proxmox_dart_api_client 1/2] fix: ios: use `cupertino_http` package to honor " Shan Shaji
@ 2025-09-08 14:11 ` Shan Shaji
  2025-09-09  9:58 ` [pve-devel] [PATCH proxmox_dart_api_client 0/2] fix: ios: add support for custom user certificates Shan Shaji
  2 siblings, 0 replies; 4+ messages in thread
From: Shan Shaji @ 2025-09-08 14:11 UTC (permalink / raw)
  To: pve-devel

The `cupertino_http` package is throwing `ClientException` [0] instead
of `HandshakeException` when the certificate is not valid.

Due to this, the exception was directly shown in the UI. In order to make
the error more user-friendly, catch the `NSErrorClientException` and
rethrow `HandshakeException` if the certificate is not valid.

Signed-off-by: Shan Shaji <s.shaji@proxmox.com>
---
 lib/src/authenticate.dart | 35 +++++++++++++++++++++++++----------
 1 file changed, 25 insertions(+), 10 deletions(-)

diff --git a/lib/src/authenticate.dart b/lib/src/authenticate.dart
index 118408f..5217578 100644
--- a/lib/src/authenticate.dart
+++ b/lib/src/authenticate.dart
@@ -1,12 +1,13 @@
 import 'dart:async';
 import 'dart:convert';
+import 'dart:io';
 
+import 'package:cupertino_http/cupertino_http.dart';
 import 'package:http/http.dart' as http;
 import 'package:proxmox_dart_api_client/proxmox_dart_api_client.dart';
 import 'package:proxmox_dart_api_client/src/handle_ticket_response.dart';
 import 'package:proxmox_dart_api_client/src/models/serializers.dart';
 
-
 /// Returns an authenticated client to work with if successful.
 ///
 /// This is the function you are looking for if you want to interact with any
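Review bot: `import 'dart:io';` and the `cupertino_http` import are added directly to `authenticate.dart`, while the platform-specific client code lives in `utils_native.dart`. If that file split exists so the library can also build for targets without `dart:io`, these imports defeat it. Keeping the `NSErrorClientException` handling behind a helper in `utils_native.dart` would leave `authenticate.dart` platform-neutral.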
@@ -56,6 +57,12 @@ Future<ProxmoxApiClient> authenticate(
   } on TimeoutException catch (_) {
     throw ProxmoxApiException(
         'Authentication takes unusually long, check network connection', 408);
+  } on NSErrorClientException catch (e) {
+    // Treat untrusted server certificate (-1202) as a handshake failure.
+    if (e.error.code == -1202) {
+      throw HandshakeException(e.message);
+    }
+    rethrow;
   }
 }
 
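Review bot: the check `e.error.code == -1202` covers only the untrusted-certificate case, while the commit message says the rethrow happens whenever the certificate is not valid. In Apple's NSURLError codes, -1201 (bad date), -1203 (unknown root) and -1204 (not yet valid) are certificate failures too, and with this hunk they would still surface as a raw `NSErrorClientException` in the UI. Consider matching the whole certificate range and replacing the literal with a named constant.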
@@ -64,14 +71,22 @@ Future<List<PveAccessDomainModel?>> accessDomains(
   bool validateSSL, {
   http.Client? httpClient,
 }) async {
-  httpClient ??= getCustomIOHttpClient(validateSSL: validateSSL);
+  try {
+    httpClient ??= getCustomIOHttpClient(validateSSL: validateSSL);
 
-  final path = '/api2/json/access/domains';
-  final response = await httpClient
-      .get(apiBaseUrl.replace(path: path))
-      .timeout(Duration(seconds: 25));
-  var data = (json.decode(response.body)['data'] as List).map((f) {
-    return serializers.deserializeWith(PveAccessDomainModel.serializer, f);
-  });
-  return data.toList();
+    final path = '/api2/json/access/domains';
+    final response = await httpClient
+        .get(apiBaseUrl.replace(path: path))
+        .timeout(Duration(seconds: 25));
+    var data = (json.decode(response.body)['data'] as List).map((f) {
+      return serializers.deserializeWith(PveAccessDomainModel.serializer, f);
+    });
+    return data.toList();
+  } on NSErrorClientException catch (e) {
+    // Treat untrusted server certificate (-1202) as a handshake failure.
+    if (e.error.code == -1202) {
+      throw HandshakeException(e.message);
+    }
+    rethrow;
+  }
 }
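Review bot: this `on NSErrorClientException` block is a verbatim copy of the one added to `authenticate()`, including the `-1202` literal, so a small shared helper would keep the two call sites from drifting apart. Also, `accessDomains` applies `.timeout(Duration(seconds: 25))` but, unlike `authenticate()`, has no `on TimeoutException` handler in the visible lines, so a timeout here still escapes untranslated.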
-- 
2.50.1




* Re: [pve-devel] [PATCH proxmox_dart_api_client 0/2] fix: ios: add support for custom user certificates
  2025-09-08 14:11 [pve-devel] [PATCH proxmox_dart_api_client 0/2] fix: ios: add support for custom user certificates Shan Shaji
  2025-09-08 14:11 ` [pve-devel] [PATCH proxmox_dart_api_client 1/2] fix: ios: use `cupertino_http` package to honor " Shan Shaji
  2025-09-08 14:11 ` [pve-devel] [PATCH proxmox_dart_api_client 2/2] fix: ios: add explicit throw of `HandshakeException` Shan Shaji
@ 2025-09-09  9:58 ` Shan Shaji
  2 siblings, 0 replies; 4+ messages in thread
From: Shan Shaji @ 2025-09-09  9:58 UTC (permalink / raw)
  To: Shan Shaji, pve-devel

Tested the changes on TestFlight build (1.8.1+52)

On Mon Sep 8, 2025 at 4:11 PM CEST, Shan Shaji wrote:
> I've only tested the changes in the simulator so far. I'll also deploy 
> the changes to TestFlight and verify everything on a real device as well.


