From: "Shan Shaji" <s.shaji@proxmox.com>
To: "Proxmox VE development discussion" <pve-devel@lists.proxmox.com>
Cc: "pve-devel" <pve-devel-bounces@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH proxmox_dart_api_client 1/2] fix: android: use `crone_http` package to honor user custom certificates
Date: Wed, 03 Sep 2025 13:47:00 +0200 [thread overview]
Message-ID: <DCJ52VCQ43Q4.29YPM3YUMKEMQ@proxmox.com> (raw)
In-Reply-To: <DCJ35KGHXMKX.23SDD07QSV5K8@proxmox.com>
On Wed Sep 3, 2025 at 12:16 PM CEST, Michael Köppl wrote:
> On Tue Sep 2, 2025 at 12:17 PM CEST, Shan Shaji wrote:
>> In android when a user installs a custom certificate the app was not
>> honoring the installed certificate and was still throwing
>> `HandShakeException`.
>>
>> To fix the issue, used the `crone_http` [0] package which will honor the
>
> nit: s/crone_http/cronet_http
Thanks will update it.
> Also: if I understand correctly based on quick search, the regular
> dart:io HttpClient simply doesn't honor user-installed certificates at
> all and there's no way to change that at the moment [0]?
Yes, The `IOClient` doesn't by default honor user installed certificates
however it does honor well known trusted CAs. AFAIU, if we want to still
use the IOClient we will have to manually trust the certificate [2].
> So adding this
> dependency is necessary because it's one of the few ways (or maybe the
> only way at the moment) to allow using user-installed certificates,
> right?
Another solution would be to fetch [0] the user installed certificate by
using method channel and manually trust the certificates [1][2].
Since it worked with `cronet_http` i didn't test with the manual implementation.
[0] - https://github.com/jfly/flutter_user_certificates_android/blob/db81e4ff3222a7db1308ed03c4bc3142c0d271d5/android/src/main/kotlin/com/johnstef/flutter_user_certificates_android/FlutterUserCertificatesAndroidPlugin.kt#L33
[1] - https://api.flutter.dev/flutter/dart-io/SecurityContext/setTrustedCertificatesBytes.html
[2] - https://github.com/jfly/flutter_user_certificates_android/blob/db81e4ff3222a7db1308ed03c4bc3142c0d271d5/lib/flutter_user_certificates_android.dart#L13
> Just asking because I think it's always good to have some
> rationale for additional dependencies. Might make sense to add this to
> the commit message as well, I think.
>
> [0] https://github.com/dart-lang/sdk/issues/50435
>
>> user installed certificates. Used the standalone embedded library [1] of
>> cronet inorder to avoid the dependency on Google Play Services.
>>
>> [0] - https://pub.dev/packages/cronet_http
>> [1] - https://pub.dev/packages/cronet_http#use-embedded-cronet
>>
>> Signed-off-by: Shan Shaji <s.shaji@proxmox.com>
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2025-09-03 11:46 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-02 10:17 [pve-devel] [PATCH proxmox_dart_api_client/pve_flutter_frontend 0/3] fix: android: add support to honor user installed certificate Shan Shaji
2025-09-02 10:17 ` [pve-devel] [PATCH pve_flutter_frontend 1/1] fix: android: add network config to support custom certificates Shan Shaji
2025-09-02 10:17 ` [pve-devel] [PATCH proxmox_dart_api_client 1/2] fix: android: use `crone_http` package to honor user " Shan Shaji
2025-09-03 10:16 ` Michael Köppl
2025-09-03 11:47 ` Shan Shaji [this message]
2025-09-04 10:40 ` Shan Shaji
2025-09-02 10:17 ` [pve-devel] [PATCH proxmox_dart_api_client 2/2] fix: add explicit throw of `HandShakeException` Shan Shaji
2025-09-02 10:39 ` [pve-devel] [PATCH proxmox_dart_api_client/pve_flutter_frontend 0/3] fix: android: add support to honor user installed certificate Shan Shaji
2025-09-03 11:28 ` Michael Köppl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DCJ52VCQ43Q4.29YPM3YUMKEMQ@proxmox.com \
--to=s.shaji@proxmox.com \
--cc=pve-devel-bounces@lists.proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox