Dart 1.13 SSL issues

[Faisal Abid]

Hey guys, i'm trying to setup my SSL certificate with 1.13. Currently works fine in 1.12 but with the new BoringSSL implementation, i'm having a bunch of trouble.

First, i have a private key, .pem format. no password (ven.pem)

From my SSL provider, i got ws_ven_chat.crt, AddTrustExternalCARoot.crt, COMODORSAAddTrustCA.crt, COMODORSADomainValidationSecureServerCA.crt

i generated a second .pem file with the cat of the files about, in this order

cat ws_ven_chat.crt, COMODORSADomainValidationSecureServerCA.crt, COMODORSAAddTrustCA.crt, AddTrustExternalCARoot.crt > cert_chain.pem

Once I had the cert_chain.pem

I did the following.

SecurityContext secure = new SecurityContext()
 ..useCertificateChain(localFile("cert/ven/cert_chain.pem"))
 ..usePrivateKey(localFile('cert/ven/ven.pem'));


HttpServer secureApp = await HttpServer.bindSecure(InternetAddress.ANY_IP_V4, port + 1, secure, shared: true);

secureApp.listen((HttpRequest req) => _handleHttpRequest(req), onError: (error) {

  Logger.root.severe(error);

}, cancelOnError: false);

Now when i connect to this resource, it just hangs. Nothing connects, no error, no response. I tried a different order for the cert_chain.pem, same thing, no error, no response, just hangs.

To make sure it was actually reading the files, i tried a different .pem file with a password, and it throws an error because it can't read the private key without the password.

I feel like there is something obvious I am missing!

Any help would be appreciated

[Robert Åkerblom-Andersson]

Hi Faisal,

Honestly it's a little hard without seeing the files, and of course sharing them would not be possible either...

However, something that struck me when I read you post was the commas you used in the "cat" command, are you sure your concatenated file is correct? On Linux at least those commas would not be correct syntax, looking at the man pages for OS X also suggest there should not be any commas on OS X either.

I might be wrong, but it's worth checking out if the concatenated file actually looks like you expect it to. If everything looks like you expect, I would try to setup Nginx with the same PEM files just to make sure the PEM files as 100% okay before continuing debugging, easy way to rule out any errors with the actual files.

Regards, Robert

[Faisal Abid]

Hey Robert, good idea about trying it in Nginx first! Yea I think i just wrote hte command wrong when writing this post! i verified the file that it generated is properly.

Thanks for hint, i'll try it out

--
You received this message because you are subscribed to the Google Groups "Dart Server-side and Cloud Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cloud+un...@dartlang.org.
Visit this group at http://groups.google.com/a/dartlang.org/group/cloud/.

[Søren Gjesse]

Hi Faisal,

In the Dart SDK repository we have a set of certificates we use for testing, they can be found here: https://github.com/dart-lang/sdk/tree/master/tests/standalone/io/certificates. The script that generates them are here: https://github.com/dart-lang/sdk/blob/master/tests/standalone/io/create_sample_certificates.sh. they are used in the tests in https://github.com/dart-lang/sdk/tree/master/tests/standalone/io. Maybe that can help you.

Regards,

Søren

[David Notik]

Is there some guide or updated set of instructions for enabling SSL for my Dart server? My Dart server utilizes Shelf.

I'd really like to get https:// going.

Side note: I recently learned of https://letsencrypt.org/ for free SSL certs. There's no reason that shouldn't be compatible her, right?

Thank you!

[Søren Gjesse]

After the release of 1.13 we updated the documentation for using TLS/SSL with Dart, see https://dart-lang.github.io/server/tls-ssl.html. It also contains a section on the changes from 1.12 to 1.13. All in all the change to BoringSSL should make it easier to use TLS with Dart - especially as you don't have to place you certificates and keys into the local NSS certificate database.

Regards,

Søren

---

Søren Gjesse

Software Engineer, Google Denmark

CVR nr. 28 86 69 84

--

You received this message because you are subscribed to the Google Groups "Dart Server-side and Cloud Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cloud+un...@dartlang.org.

Visit this group at https://groups.google.com/a/dartlang.org/group/cloud/.