Dart 1.13 SSL issues


Faisal Abid

Nov 26, 2015, 5:19:06 PM
to Dart Server-side and Cloud Development
Hey guys, I'm trying to set up my SSL certificate with 1.13. It currently works fine in 1.12, but with the new BoringSSL implementation I'm having a bunch of trouble.


First, I have a private key in .pem format with no password (ven.pem).

From my SSL provider, I got ws_ven_chat.crt, AddTrustExternalCARoot.crt, COMODORSAAddTrustCA.crt, COMODORSADomainValidationSecureServerCA.crt

I generated a second .pem file with the cat of the files above, in this order:

cat ws_ven_chat.crt, COMODORSADomainValidationSecureServerCA.crt, COMODORSAAddTrustCA.crt, AddTrustExternalCARoot.crt > cert_chain.pem

Once I had the cert_chain.pem, I did the following.

SecurityContext secure = new SecurityContext()
  ..useCertificateChain(localFile("cert/ven/cert_chain.pem"))
  ..usePrivateKey(localFile('cert/ven/ven.pem'));

HttpServer secureApp = await HttpServer.bindSecure(InternetAddress.ANY_IP_V4, port + 1, secure, shared: true);

secureApp.listen((HttpRequest req) => _handleHttpRequest(req), onError: (error) {
  Logger.root.severe(error);
}, cancelOnError: false);


Now when I connect to this resource, it just hangs. Nothing connects, no error, no response. I tried a different order for the cert_chain.pem, same thing: no error, no response, just hangs.
To make sure it was actually reading the files, I tried a different .pem file with a password, and it throws an error because it can't read the private key without the password.

I feel like there is something obvious I am missing!

Any help would be appreciated.






Robert Åkerblom-Andersson

Nov 26, 2015, 6:19:59 PM
to Dart Server-side and Cloud Development
Hi Faisal,

Honestly it's a little hard without seeing the files, and of course sharing them would not be possible either...

However, something that struck me when I read your post was the commas you used in the "cat" command. Are you sure your concatenated file is correct? On Linux at least those commas would not be correct syntax, and looking at the man pages for OS X also suggests there should not be any commas on OS X either.

I might be wrong, but it's worth checking whether the concatenated file actually looks like you expect it to. If everything looks like you expect, I would try to set up Nginx with the same PEM files just to make sure the PEM files are 100% okay before continuing debugging. It's an easy way to rule out any errors with the actual files.

Regards, Robert
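
The check suggested in the reply above can be scripted. This is an added example, not code from any post in this thread: check_chain, show_chain and sample_block are hypothetical helper names, and the count passed to check_chain is however many .crt files went into the cat (four in the first post).

```shell
#!/bin/sh
# check_chain FILE EXPECTED_COUNT
# Structural check of a concatenated PEM chain: every marker sits alone on
# its line, blocks are balanced, and the number of certificates is as expected.
check_chain() {
    file=$1 expected=$2
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    awk -v want="$expected" '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        /^-----BEGIN CERTIFICATE-----$/ {
            if (inside) { print "line " NR ": BEGIN inside a block"; bad = 1 }
            inside = 1; n++; next
        }
        /^-----END CERTIFICATE-----$/ {
            if (!inside) { print "line " NR ": END without BEGIN"; bad = 1 }
            inside = 0; next
        }
        # A marker glued to other text (input file had no trailing newline),
        # or a non-certificate block such as a private key in the chain file.
        /-----(BEGIN|END) / { print "line " NR ": unexpected marker: " $0; bad = 1; next }
        inside && $0 !~ /^[A-Za-z0-9+\/=]+$/ {
            print "line " NR ": non-base64 data in block"; bad = 1
        }
        # Strict on purpose: stray text is reported so that it gets looked at.
        !inside && NF { print "line " NR ": text outside any block"; bad = 1 }
        END {
            if (inside) { print "unterminated block"; bad = 1 }
            if (n != want) { print "found " (n + 0) " certificates, expected " want; bad = 1 }
            exit bad + 0
        }' "$file"
}

# show_chain FILE
# Print subject and issuer of each certificate so the order can be read off:
# server certificate first, each following subject equal to the previous issuer.
show_chain() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not installed"; return 0; }
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# Constructed sample input: one PEM block with placeholder base64 ($1),
# not a real certificate. Only useful for exercising check_chain.
sample_block() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "$1" '-----END CERTIFICATE-----'
}
```

Run as `check_chain cert/ven/cert_chain.pem 4 && show_chain cert/ven/cert_chain.pem`; a non-zero status from check_chain means the file is not the concatenation it was meant to be.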

Faisal Abid

Nov 26, 2015, 8:57:22 PM
to Robert Åkerblom-Andersson, Dart Server-side and Cloud Development
Hey Robert, good idea about trying it in Nginx first! Yeah, I think I just wrote the command wrong when writing this post! I verified that the file it generated is proper.

Thanks for the hint, I'll try it out.

--
You received this message because you are subscribed to the Google Groups "Dart Server-side and Cloud Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cloud+un...@dartlang.org.
Visit this group at http://groups.google.com/a/dartlang.org/group/cloud/.

Søren Gjesse

Nov 27, 2015, 2:10:57 AM
to Faisal Abid, Robert Åkerblom-Andersson, Dart Server-side and Cloud Development
Hi Faisal,

In the Dart SDK repository we have a set of certificates we use for testing; they can be found here: https://github.com/dart-lang/sdk/tree/master/tests/standalone/io/certificates. The script that generates them is here: https://github.com/dart-lang/sdk/blob/master/tests/standalone/io/create_sample_certificates.sh. They are used in the tests in https://github.com/dart-lang/sdk/tree/master/tests/standalone/io. Maybe that can help you.

Regards,
Søren

David Notik

Jan 9, 2016, 10:01:09 PM
to Dart Server-side and Cloud Development, faisa...@gmail.com, rober...@gmail.com
Is there some guide or updated set of instructions for enabling SSL for my Dart server? My Dart server utilizes Shelf.

I'd really like to get https:// going.

Side note: I recently learned of https://letsencrypt.org/ for free SSL certs. There's no reason that shouldn't be compatible here, right?

Thank you!

Søren Gjesse

Jan 11, 2016, 2:41:20 AM
to David Notik, Dart Server-side and Cloud Development, Faisal Abid, Robert Åkerblom-Andersson, William Hesse
After the release of 1.13 we updated the documentation for using TLS/SSL with Dart, see https://dart-lang.github.io/server/tls-ssl.html. It also contains a section on the changes from 1.12 to 1.13. All in all, the change to BoringSSL should make it easier to use TLS with Dart, especially as you don't have to place your certificates and keys into the local NSS certificate database.

Regards,
Søren

---
Søren Gjesse
Software Engineer, Google Denmark
CVR nr. 28 86 69 84

