webview_flutter "Failed to validate the certificate chain" SSL handshake failed error

Question

I had this problem and solved it with the help of this but it took me some time to figure out where to put the code since the codes are a bit different between flutter_webview_pugin vs webview_flutter. so this a tutorial to show how to implement this method for webview_flutter on MacOS(on windows only file may differ)

1- copy this folder /Volumes/.../Flutter/SDK/flutter/.pub-cache/hosted/pub.dartlang.org/webview_flutter-0.3.10+4 to one step up from the root of your project somewhere like for example.

If this is your project: /Volumes/Depo/MyProject/ Then it's convenient to put the plugin folder here: /Volumes/Depo/edited/

2- Then open this file /Volumes/Depo/edited/webview_flutter-0.3.10+4/android/src/main/java/io/flutter/plugins/webviewflutter/FlutterWebViewClient.java

and add this line

@Override
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
  handler.proceed();
}

to internalCreateWebViewClient function. after you're done it should look like this

private WebViewClient internalCreateWebViewClient() {
    return new WebViewClient() {
      @TargetApi(Build.VERSION_CODES.N)
      @Override
      public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
        return FlutterWebViewClient.this.shouldOverrideUrlLoading(view, request);
      }

      @Override
      public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        handler.proceed();
        }

      @Override
      public void onPageFinished(WebView view, String url) {
        FlutterWebViewClient.this.onPageFinished(view, url);
      }
    };
  }

3- add these imports

import android.net.http.SslError;
import android.webkit.SslErrorHandler;

Since this method bypasses SSL its not recommended for production use.

This problem occurs even if the server's SSL certificate is valid. Because a valid SSL doesn't guarantee that every service reached by clients via that domain will end up using the same origin in my case I was trying to connect to the server to stream security cam using RTSP but it was "101 Switching Protocols" on the first request to a different port where there is no valid SSL is implemented.

Answer 1

You can use my plugin flutter_inappwebview. It has a lot of events, including events to manage SSL errors and SSL client certificate requests:

• onReceivedServerTrustAuthRequest: Event fired when the WebView need to perform server trust authentication (certificate validation). This is implemented using the onReceivedSslError event on Android.
• onReceivedClientCertRequest: Notify the host application to handle an SSL client certificate request.

So, in your case, you need to use only the onReceivedServerTrustAuthRequest event and return simply ServerTrustAuthResponse(action: ServerTrustAuthResponseAction.PROCEED);:

import 'dart:async';

import 'package:flutter/material.dart';

import 'package:flutter_inappwebview/flutter_inappwebview.dart';

Future main() async {
  runApp(new MyApp());
}

class MyApp extends StatefulWidget {
  @override
  _MyAppState createState() => new _MyAppState();
}

class _MyAppState extends State<MyApp> {

  @override
  void initState() {
    super.initState();
  }

  @override
  void dispose() {
    super.dispose();
  }

  @override
  Widget build(BuildContext context) {
    return MaterialApp(
        home: InAppWebViewPage()
    );
  }
}

class InAppWebViewPage extends StatefulWidget {
  @override
  _InAppWebViewPageState createState() => new _InAppWebViewPageState();
}

class _InAppWebViewPageState extends State<InAppWebViewPage> {
  InAppWebViewController webView;

  @override
  Widget build(BuildContext context) {
    return Scaffold(
        appBar: AppBar(
            title: Text("InAppWebView")
        ),
        body: Container(
            child: Column(children: <Widget>[
              Expanded(
                child: Container(
                  child: InAppWebView(
                    initialUrl: "https://myUrl",
                    initialHeaders: {},
                    initialOptions: InAppWebViewWidgetOptions(
                        inAppWebViewOptions: InAppWebViewOptions(
                          debuggingEnabled: true,
                        ),
                    ),
                    onWebViewCreated: (InAppWebViewController controller) {
                      webView = controller;
                    },
                    onLoadStart: (InAppWebViewController controller, String url) {

                    },
                    onLoadStop: (InAppWebViewController controller, String url) {

                    },
                    onReceivedServerTrustAuthRequest: (InAppWebViewController controller, ServerTrustChallenge challenge) async {
                      return ServerTrustAuthResponse(action: ServerTrustAuthResponseAction.PROCEED);
                    },
                  ),
                ),
              ),
            ]))
    );
  }
}

where "https://myUrl" is your url.