
I know little to nothing about networking. I am trying to make a program using Dart to talk to my Hue bridge.

I am using this certificate from the official API documentation, but it isn't working. I don't even know if that is what I am supposed to be doing, or if that is just an example of what a certificate looks like.

If this is just an example, I have no idea how to get the real certificate. Here is my code:

static Future<dynamic> get({
  required String url, // Looks like - https://[bridge_ip]/clip/v2/resource/device
}) async {
  try {
    SecurityContext securityContext = SecurityContext.defaultContext
      ..setTrustedCertificatesBytes(hueCert.codeUnits); // This is that certificate from the API docs as a String

    var client = IOClient(HttpClient(context: securityContext));

    Uri uri = Uri.parse(url);
    Map<String, String> headers = {
      "hue-application-key": "[username]", // TODO hardcoded for now
    };

    Response response = await client.get(uri, headers: headers);
  } catch (e) {
    print(e);
  }

  return null; // For now until I get this working
}

It always prints

HandshakeException: Handshake error in client (OS Error:
    CERTIFICATE_VERIFY_FAILED: application verification failure(handshake.cc:393))

I have done a ton of research and cannot figure this out. I have tried some hacky workarounds, like accepting any certificate, but I can't do that long-term.

When I run openssl s_client -showcerts -connect [bridge_ip]:443 in the terminal, I get a different certificate. When I use that, it still doesn't work. I have to capture the bad certificate, and manually let it through if it matches. It still doesn't even match unless I trim() it (which doesn't make sense because there is no blank space on either string). I do this by adding the following to the HttpClient from the code above.

..badCertificateCallback =
     (X509Certificate cert, String host, int port) => 
          cert.pem.trim() == hueCert.trim()

Please help. Thanks!

EDIT: Here is the output of --showcerts. I redacted the things that look like they might be private. I don't know what it all means, so I don't want to just post all of it.

CONNECTED(00000003)
depth=0 C = NL, O = Philips Hue, CN = [redacted]
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = NL, O = Philips Hue, CN = [redacted]
verify error:num=21:unable to verify the first certificate
verify return:1
write W BLOCK
---
Certificate chain
 0 s:/C=NL/O=Philips Hue/CN=[redacted]
   i:/C=NL/O=Philips Hue/CN=root-bridge
-----BEGIN CERTIFICATE-----
MIICPzCCAeSgAw[redacted]
[redacted]
[redacted]
[redacted]
[redacted]
[redacted]
[redacted]
[redacted]
[redacted]
[redacted]
[redacted]
[redacted]
rtc1
-----END CERTIFICATE-----
---
Server certificate
subject=/C=NL/O=Philips Hue/CN=[redacted]
issuer=/C=NL/O=Philips Hue/CN=root-bridge
---
No client certificate CA names sent
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1064 bytes and written 413 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-ECDSA-AES128-GCM-SHA256
    Session-ID: [redacted]
    Session-ID-ctx: 
    Master-Key: [redacted]
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:
    [redacted]

    Start Time: 1678684242
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
closed
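
Added example, not part of the original post: PEM strings for the same certificate can differ in trailing newlines or line endings, so a pin check is more robust when it compares the decoded DER bytes (`X509Certificate.der`) instead of the PEM text. The helper names `derFromPem`, `sameDer` and `pinnedClient` are hypothetical, the PEM body in `main` is a constructed stand-in rather than a real certificate, and the pinned PEM is assumed to have been captured from the bridge over a network you trust.

```dart
import 'dart:convert';
import 'dart:io';
import 'dart:typed_data';

/// Decodes a PEM certificate to DER, ignoring the armor lines and all
/// whitespace (trailing newlines, CRLF line endings, indentation).
Uint8List derFromPem(String pem) {
  final body = pem
      .replaceAll(RegExp(r'-----(BEGIN|END) CERTIFICATE-----'), '')
      .replaceAll(RegExp(r'\s+'), '');
  return base64.decode(body);
}

/// Byte-for-byte comparison of two DER encodings.
bool sameDer(List<int> a, List<int> b) {
  if (a.length != b.length) return false;
  for (var i = 0; i < a.length; i++) {
    if (a[i] != b[i]) return false;
  }
  return true;
}

/// Returns an HttpClient that trusts no CA and accepts a connection only
/// when the presented certificate is exactly the pinned one.
HttpClient pinnedClient(String pinnedPem) {
  final pinnedDer = derFromPem(pinnedPem);
  // No trusted roots: chain verification fails, so the callback decides.
  final context = SecurityContext(withTrustedRoots: false);
  return HttpClient(context: context)
    ..badCertificateCallback =
        (X509Certificate cert, String host, int port) =>
            sameDer(cert.der, pinnedDer);
}

void main() {
  // Constructed stand-in body, NOT a real certificate.
  final body = base64.encode(utf8.encode('constructed sample, not a real cert'));
  const begin = '-----BEGIN CERTIFICATE-----';
  const end = '-----END CERTIFICATE-----';
  final savedCopy = '$begin\r\n$body\r\n$end\r\n'; // CRLF, as saved by an editor
  final fromPeer = '$begin\n$body\n$end\n'; // LF with a trailing newline
  print('PEM strings equal: ${savedCopy == fromPeer}');
  print('DER bytes equal:   '
      '${sameDer(derFromPem(savedCopy), derFromPem(fromPeer))}');
}
```

A pinned leaf certificate has to be captured again whenever the device's certificate changes.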
