CODEWITHSUNDEEP
dartaqueduct
Arthur Daniel
Arthur Daniel

Reputation: 341

Running tests in aqueduct with SSL using self signed certificate results in error

I am new to working with openSSL and cert do's and dont's.

Within my sink file I am making use of SecurityContext to force HTTPs:

@override
SecurityContext get securityContext {
    return new SecurityContext()
        ..usePrivateKey("SSL/key.pem", password: keypassword)
        ..useCertificateChain("SSL/cert.pem", password: certpassword);
}

I am developing locally and created the self signed key and cert using OpenSSL. When running the application via aqueduct serve, I have no issues (other than confirming with the respective browser that I am aware that the certificate is not CA signed) but when running my tests I receive the following error: 

HandshakeException: Handshake error in client (OS Error: 
CERTIFICATE_VERIFY_FAILED: self signed certificate(ssl_cert.c:345))

Does this mean that I need to be using a CA signed certificate to avoid this?

Upvotes: 0

Views: 217

Answers (1)

Joe Conway
Joe Conway

Reputation: 1586

By default, Dart HttpClient will fail if the server's SSL cert is self-signed. You can override this, but TestClient doesn't give you access to the underlying HttpClient. We could make that property public, but...

Tests are primarily for testing application logic. Whether or not SSL is used won't matter all that much. aqueduct serve has CLI options for SSL. When running locally or via tests, you can omit SSL. When running remotely with a signed SSL cert, you can add the key and file path to the CLI args at launch:

aqueduct serve --ssl-key-path SSL/key.pem --ssl-certificate-path SSL/cert.pem

Upvotes: 1

Related Questions