I have pinned (the Facebook SSL certificate) in the assets/certificates path.
I am fetching network calls using Dio package.
void fetchDataUsingDio() async {
final dio = Dio();
ByteData bytes = await rootBundle.load(_certificatePath);
(dio.httpClientAdapter as DefaultHttpClientAdapter).onHttpClientCreate =
(client) {
SecurityContext securityContext = SecurityContext();
client.badCertificateCallback =
(X509Certificate cert, String host, int port) => false; //added
securityContext.setTrustedCertificatesBytes(bytes.buffer.asUint8List());
return HttpClient(context: securityContext);
};
try {
var response = await dio.get(_baseUrl);
print(response.data);
} catch (error) {
if (error is DioError) {
print(error.toString());
} else {
print('Unexpected Error');
}
}
}
The base URL and cert path were
final String _baseUrl = "https://www.facebook.com/";
final String _certificatePath = "assets/certificates/fb.pem";
It worked the first time but after I tried to hit network call it throws
HandshakeException: Handshake error in client (OS Error: CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate(handshake.cc:393))
Also, I Tried
MyHttpOverrides
Can anyone guide me to implement SSL pinning in the flutter app securely?
