feat: use OkHttp and fix mTLS (#15230)

Denys Vitali 2025-10-08 13:55:04 +02:00
parent 4cd2cc223a
commit 6de4921b99
No known key found for this signature in database
GPG key ID: 37CE2BFB2D6D249D
22 changed files with 560 additions and 236 deletions


@ -1,49 +1,18 @@
import 'dart:io';
import 'package:immich_mobile/entities/store.entity.dart';
import 'package:logging/logging.dart';
class HttpSSLCertOverride extends HttpOverrides {
static final Logger _log = Logger("HttpSSLCertOverride");
final bool _allowSelfSignedSSLCert;
final String? _serverHost;
final SSLClientCertStoreVal? _clientCert;
late final SecurityContext? _ctxWithCert;
HttpSSLCertOverride(this._allowSelfSignedSSLCert, this._serverHost, this._clientCert) {
if (_clientCert != null) {
_ctxWithCert = SecurityContext(withTrustedRoots: true);
if (_ctxWithCert != null) {
setClientCert(_ctxWithCert, _clientCert);
} else {
_log.severe("Failed to create security context with client cert!");
}
} else {
_ctxWithCert = null;
}
}
static bool setClientCert(SecurityContext ctx, SSLClientCertStoreVal cert) {
try {
_log.info("Setting client certificate");
ctx.usePrivateKeyBytes(cert.data, password: cert.password);
ctx.useCertificateChainBytes(cert.data, password: cert.password);
} catch (e) {
_log.severe("Failed to set SSL client cert: $e");
return false;
}
return true;
}
HttpSSLCertOverride(this._allowSelfSignedSSLCert, this._serverHost);
@override
HttpClient createHttpClient(SecurityContext? context) {
if (context != null) {
if (_clientCert != null) {
setClientCert(context, _clientCert);
}
} else {
context = _ctxWithCert;
}
// Use system trust store with trusted roots if no client certificate is provided
context = SecurityContext(withTrustedRoots: true);
return super.createHttpClient(context)
..badCertificateCallback = (X509Certificate cert, String host, int port) {