0

I am new to working with openSSL and cert do's and dont's.

Within my sink file I am making use of SecurityContext to force HTTPs:

@override
SecurityContext get securityContext {
    return new SecurityContext()
        ..usePrivateKey("SSL/key.pem", password: keypassword)
        ..useCertificateChain("SSL/cert.pem", password: certpassword);
}

I am developing locally and created the self signed key and cert using OpenSSL. When running the application via aqueduct serve, I have no issues (other than confirming with the respective browser that I am aware that the certificate is not CA signed) but when running my tests I receive the following error: 

HandshakeException: Handshake error in client (OS Error: 
CERTIFICATE_VERIFY_FAILED: self signed certificate(ssl_cert.c:345))

Does this mean that I need to be using a CA signed certificate to avoid this?

Arthur Daniel
  • 331
  • 1
  • 3
  • 7

1 Answers1

1

By default, Dart HttpClient will fail if the server's SSL cert is self-signed. You can override this, but TestClient doesn't give you access to the underlying HttpClient. We could make that property public, but...

Tests are primarily for testing application logic. Whether or not SSL is used won't matter all that much. aqueduct serve has CLI options for SSL. When running locally or via tests, you can omit SSL. When running remotely with a signed SSL cert, you can add the key and file path to the CLI args at launch:

aqueduct serve --ssl-key-path SSL/key.pem --ssl-certificate-path SSL/cert.pem

Joe Conway
  • 1,566
  • 9
  • 8