你知道為什么會呼叫 badCertificateCallback 嗎?證書(飛鏢聲稱無效)與我設定為受信任證書的證書完全相同(相等性檢查為真!)。
import 'dart:convert';
import 'dart:io';
import 'dart:typed_data';
import 'package:http/http.dart' as http;
import 'package:http/io_client.dart';
final PEM = new File(
'../server_keys/cert.pem',
).readAsBytesSync();
Future<http.Response> listDir(String path) async {
SecurityContext context = new SecurityContext(withTrustedRoots: false);
context.setTrustedCertificatesBytes(PEM);
print("context setup");
final httpClient = HttpClient(context: context);
httpClient.badCertificateCallback = ((cert, host, port) {
print("In bad certificate callback.");
print('Subject: ${cert.subject}');
print('Issuer: ${cert.issuer}');
print('Expires: ${cert.endValidity}');
print('Host: ${host}');
print('Port: ${port}');
return String.fromCharCodes(PEM) == cert.pem;
});
print("get url");
final client = IOClient(httpClient);
print("POSTING");
return client
.post(
Uri.parse('https://127.0.0.1:5000/list'),
headers: <String, String>{
'Content-Type': 'application/json; charset=UTF-8',
},
body: jsonEncode(<String, String>{
'path': path,
}),
)
.timeout(const Duration(seconds: 5));
}
void main() async {
await listDir("admin/user/test").then((response) {
print(response.body);
});
print("finished");
}
此外,這作業得很好:
curl -v --cacert ../server_keys/cert.pem https://127.0.0.1:5000/list
也許你可以給我一個提示。
更多資訊:
這是證書:
-----BEGIN CERTIFICATE-----
MIIE0jCCAroCEQCpB3UQ/DdGjoFQykLNzSJcMA0GCSqGSIb3DQEBDQUAMCcxETAP
BgNVBAoMCFhZWkNsb3VkMRIwEAYDVQQDDAkxMjcuMC4wLjEwHhcNMjIwNjE3MTI1
ODM2WhcNMzIwNjE0MTI1ODM2WjAnMREwDwYDVQQKDAhYWVpDbG91ZDESMBAGA1UE
AwwJMTI3LjAuMC4xMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq8Hg
MaLMUzrDFb5SkpkwpT/0uVX0DL7XUEOgo8QPGWHD5OtM4CGbafF3nW0vdjYWXAhr
RUcqaq/NNu5Z715QvZwdR9jeXs/M4cPJ9/em/4AjvrhaQxJd2pvIr/Tajaw/yqOF
Sw7MT01v4Xszd7ImKeDYcwhyZYo5CdwCUj8lCo4cwq4pRUOGGuUXZiYJzIognC6v
E UT0Lo/zoDebvc6JUXJ43meH8FxYqGkHHEE vXwoxyxw64C fglW4sbMfnrYUmr
EfzOL0DHwygFyl6TIZEM8w 5vXIm4vims6lYEtnlVo0eB Wj6Y0QPhaA3giTcioX
f6tZYdIx2cRXzRaKujG/iJN U4N2m/kXidJmkl0Uir H6YerWdGSLWY7saeuR14i
X5VPVH/zenjbjCAWqQUyp9bvphpBERSmhQWrwVOFqdeqIgHOxn81DCFCEnzNLTMH
svL8lTF1Q0PSiNB4Rf95TpnhjAGEtk24EE/aJw uDgPaM9XyIYYSzdcCL2t5EL9
CUz8Lc19Iq6TlKsIPnQdDYFetmzSJaWnxNwyvjLGd3uLbF8CJOm8MQEANTOmImLz
ZFlgH/LXxm/gSngcjxIQYW d8FbrpWu6RBHF43jxOxLZYx16fcTt/QM1cASsIHuI
kcy9sKvzBsStUqMyLRbuKfF/lAOovDuBwvvzIMECAwEAATANBgkqhkiG9w0BAQ0F
AAOCAgEACQR6Sup hjY3Jz2EDjeVDoWsliDrtwtZ7T igTrQbeT1gIiaIf4soJjw
RqQsZXMdFDCHsGI7eneI6wM2L03kXu7CSTL04TYDhr/2ykqjolha1KZ4W6oNlxGr
fqPdVsdo/NpyXn3b/XxtrPQnHRfZUN8OrlCn8wG0fNb6BFVEvPajcayuJdgS2qmn
5Umc66D6LqsuODOu 6URdQApFQYI nAKQinFDUuNLnIpusaF7QG9r/Mf m1ADNF
WvBt594u0XSzR5 dXA0V60nfLxcC8YMqDtQ1bmbYukJRQEoarREJawI4OUYutLu2
XulnUM4sqUnbgAthaO8i5kHWp6iYjnX6B0 COyABBLqiyXu6w0nLMQzv9hekDDaN
CvhDf9BOtLrbFRnZJqxWKITxZw9U58yEeBgIXFQviYUL81tcWk8QyOBrocNBohMz
C SypMIGPL21 Xv87MwMk/ied5J4V0rY93NOC MDC6mTbJ1EOr/XEs TxTu8AnDt
0EhjzXlPj4G100fmaP9BHjMPy8ReSy09bzAU4GPs8dAl7x6aNutyi39E7WeUgJNm
Odv4Wz7LwxX3t/cWkgSoKFT5DuDpBlafbI7ACWCjVe5mgd7cx75mv6pMTqJI8fEA
/OW44WN6IaLHyjG8BeHEt1yVld9RbCeyUY7A4cx94wwpD7TfPlI=
-----END CERTIFICATE-----
這是 python 燒瓶服務器代碼(現在使用 localhost):
import os
from flask import Flask, jsonify
import ssl
app = Flask(__name__)
@app.route("/list", methods = ['POST', 'GET'])
def list_route():
return jsonify(isError= False,
message= "Success",
statusCode= 200,
data={
"path": "hihi"
}), 200
if __name__ == "__main__":
server_keys = {
"url": "localhost",
"cert_file": "server_keys/cert.pem",
"key_file": "server_keys/key.pem",
}
os.system("openssl req -x509 -nodes -new -sha256 -days 390 -newkey rsa:4096 -keyout server_keys/key.pem -out server_keys/cert.pem -subj '/C=de/CN=localhost'")
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.load_cert_chain(server_keys["cert_file"], server_keys["key_file"])
app.run(debug=True, ssl_context=context, host=server_keys["url"], port="5000")
它正在使用 curl:
curl -v --cacert ../server_keys/cert.pem https://localhost:5000/list
但仍然不適合我使用飛鏢(使用英特爾 Mac OSX 貨幣)。
uj5u.com熱心網友回復:
看起來你偶然發現了 Dart 的一個錯誤。關于這個確切的問題有一個未解決的問題。它只出現在 macOS 上,但在 Windows/Linux/Android 上運行完美......
下面是生成密鑰的命令bash。我自己測驗了這個腳本,它在 Windows 上運行,但在 macOS 上失敗。
openssl req -x509 -out localhost.crt -keyout localhost.key \
-newkey rsa:2048 -nodes -sha256 -subj '/CN=localhost' -extensions EXT \
-config <(printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
轉載請註明出處,本文鏈接:https://www.uj5u.com/yidong/496369.html
