
Self signed certificate causes error during the Handshake

Open DevPre24 opened this issue 5 years ago • 3 comments

When using a reverse proxy with a self-signed certificate, FlutterHole cannot connect to the server. Could you add an option to trust the certificate anyway? That would be useful since Pi-Hole installations are usually on internal networks and, due to the lack of a domain, the use of Let's Encrypt is not possible. Thanks!

DevPre24, Mar 16 '19 13:03

Hi, if you're still interested, I have been working on a feature to allow self-signed certificates.

I've committed a possible solution, but since my own Pi-hole is on a local network, I cannot test it in practice. If you are willing to try it out, let me know and I'll compile an .apk for you. Otherwise I will push it to the Play Store Beta branch.

sterrenb, Mar 28 '19 16:03

> Hi, if you're still interested, I have been working on a feature to allow self-signed certificates.
>
> I've committed a possible solution, but since my own Pi-hole is on a local network, I cannot test it in practice. If you are willing to try it out, let me know and I'll compile an .apk for you. Otherwise I will push it to the Play Store Beta branch.

Hi, thanks for working on that feature. Don't worry, I already compiled it myself.

It works as expected, but I noticed that by enabling the "Force SSL" slider the handshake fails. (I don't know if this is the correct behavior or not, just reporting). With it disabled everything goes smoothly.

Here's the log:

I/flutter (29143): [2019-03-29T00:31:40.443479] ApiProvider: WARNING: not authorized: Exception: DioError [DioErrorType.DEFAULT]: HandshakeException: Handshake error in client (OS Error: 
I/flutter (29143): 	WRONG_VERSION_NUMBER(tls_record.cc:242))
I/flutter (29143): [2019-03-29T00:31:40.447120] ApiProvider: WARNING: not authorized: Exception: DioError [DioErrorType.DEFAULT]: HandshakeException: Handshake error in client (OS Error: 
I/flutter (29143): 	WRONG_VERSION_NUMBER(tls_record.cc:242))

DevPre24, Mar 28 '19 23:03

Hello,

I am using self-signed certificates as well. I am now on latest Pi-Hole and Flutterhole (5.2.3), and with the "Allow Self-Signed Certificates" option, everything is working well enough.

However, from a security perspective, it would be better to provide a specific certificate authority public key to trust instead of essentially allowing any of them to pass. Is there any effort (in this GitHub issue or any others) to either do a per-Pi-Hole cert or have an app-wide setting?

@sterrenburg I do understand that you were not using self-signed certs which makes testing hard. I am happy to try and help test, or help provide some scripts to generate your own certs if you are interested in doing that.

Thank you!

mathmaniac43, Sep 05 '20 12:09
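
The difference raised in the last comment, accepting any certificate versus trusting one specific CA, shown with plain `dart:io` as an added example. It is not FlutterHole's code; the function names, the PEM file argument and the URL are assumptions for illustration.

```dart
import 'dart:convert';
import 'dart:io';

/// Weak form: accepts every certificate the platform would reject, so any
/// host on the network path can present its own certificate and be trusted.
HttpClient trustAnyCertificateClient() {
  final client = HttpClient();
  client.badCertificateCallback =
      (X509Certificate cert, String host, int port) => true;
  return client;
}

/// Stricter form: trust only the CA certificate supplied by the user.
/// System roots are excluded and no badCertificateCallback is set, so a
/// chain that is not anchored in [caPem] fails the handshake. The host
/// name in the URL must still match the server certificate.
HttpClient pinnedCaClient(String caPem) {
  final context = SecurityContext(withTrustedRoots: false)
    ..setTrustedCertificatesBytes(utf8.encode(caPem));
  return HttpClient(context: context);
}

/// Performs one GET and returns the HTTP status code.
Future<int> fetchStatus(HttpClient client, Uri url) async {
  try {
    final request = await client.getUrl(url);
    final response = await request.close();
    await response.drain<void>();
    return response.statusCode;
  } finally {
    client.close();
  }
}

Future<void> main(List<String> args) async {
  // Assumed invocation (placeholder names):
  //   dart run pinned_ca.dart my-ca.pem https://pihole.example.lan/
  final caPem = await File(args[0]).readAsString();
  final url = Uri.parse(args[1]);
  try {
    final status = await fetchStatus(pinnedCaClient(caPem), url);
    print('Handshake OK with pinned CA, HTTP $status');
  } on HandshakeException catch (e) {
    // Raised when the server chain does not lead to the pinned CA.
    print('Rejected by pinned CA check: $e');
  }
}
```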