From: "Shan Shaji" <s.shaji@proxmox.com>
To: "Proxmox VE development discussion" <pve-devel@lists.proxmox.com>
Cc: "pve-devel" <pve-devel-bounces@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH proxmox_dart_api_client 1/2] fix: android: use `crone_http` package to honor user custom certificates
Date: Wed, 03 Sep 2025 13:47:00 +0200 [thread overview]
Message-ID: <DCJ52VCQ43Q4.29YPM3YUMKEMQ@proxmox.com> (raw)
In-Reply-To: <DCJ35KGHXMKX.23SDD07QSV5K8@proxmox.com>
On Wed Sep 3, 2025 at 12:16 PM CEST, Michael Köppl wrote:
> On Tue Sep 2, 2025 at 12:17 PM CEST, Shan Shaji wrote:
>> In android when a user installs a custom certificate the app was not
>> honoring the installed certificate and was still throwing
>> `HandShakeException`.
>>
>> To fix the issue, used the `crone_http` [0] package which will honor the
>
> nit: s/crone_http/cronet_http
Thanks will update it.
> Also: if I understand correctly based on quick search, the regular
> dart:io HttpClient simply doesn't honor user-installed certificates at
> all and there's no way to change that at the moment [0]?
Yes, The `IOClient` doesn't by default honor user installed certificates
however it does honor well known trusted CAs. AFAIU, if we want to still
use the IOClient we will have to manually trust the certificate [2].
> So adding this
> dependency is necessary because it's one of the few ways (or maybe the
> only way at the moment) to allow using user-installed certificates,
> right?
Another solution would be to fetch [0] the user installed certificate by
using method channel and manually trust the certificates [1][2].
Since it worked with `cronet_http` i didn't test with the manual implementation.
[0] - https://github.com/jfly/flutter_user_certificates_android/blob/db81e4ff3222a7db1308ed03c4bc3142c0d271d5/android/src/main/kotlin/com/johnstef/flutter_user_certificates_android/FlutterUserCertificatesAndroidPlugin.kt#L33
[1] - https://api.flutter.dev/flutter/dart-io/SecurityContext/setTrustedCertificatesBytes.html
[2] - https://github.com/jfly/flutter_user_certificates_android/blob/db81e4ff3222a7db1308ed03c4bc3142c0d271d5/lib/flutter_user_certificates_android.dart#L13
> Just asking because I think it's always good to have some
> rationale for additional dependencies. Might make sense to add this to
> the commit message as well, I think.
>
> [0] https://github.com/dart-lang/sdk/issues/50435
>
>> user installed certificates. Used the standalone embedded library [1] of
>> cronet inorder to avoid the dependency on Google Play Services.
>>
>> [0] - https://pub.dev/packages/cronet_http
>> [1] - https://pub.dev/packages/cronet_http#use-embedded-cronet
>>
>> Signed-off-by: Shan Shaji <s.shaji@proxmox.com>
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2025-09-03 11:46 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-02 10:17 [pve-devel] [PATCH proxmox_dart_api_client/pve_flutter_frontend 0/3] fix: android: add support to honor user installed certificate Shan Shaji
2025-09-02 10:17 ` [pve-devel] [PATCH pve_flutter_frontend 1/1] fix: android: add network config to support custom certificates Shan Shaji
2025-09-02 10:17 ` [pve-devel] [PATCH proxmox_dart_api_client 1/2] fix: android: use `crone_http` package to honor user " Shan Shaji
2025-09-03 10:16 ` Michael Köppl
2025-09-03 11:47 ` Shan Shaji [this message]
2025-09-04 10:40 ` Shan Shaji
2025-09-02 10:17 ` [pve-devel] [PATCH proxmox_dart_api_client 2/2] fix: add explicit throw of `HandShakeException` Shan Shaji
2025-09-02 10:39 ` [pve-devel] [PATCH proxmox_dart_api_client/pve_flutter_frontend 0/3] fix: android: add support to honor user installed certificate Shan Shaji
2025-09-03 11:28 ` Michael Köppl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DCJ52VCQ43Q4.29YPM3YUMKEMQ@proxmox.com \
--to=s.shaji@proxmox.com \
--cc=pve-devel-bounces@lists.proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.