CERTIFICATE_VERIFY_FAILED：无效或不一致的证书扩展名(handshake.cc.359)

Question

This problem only occurs when running my app on Android (Emulator or Physical Device). It's fine on iOS.

I'm getting this error when calling a GET request to my server protected with SSL.

HandshakeException: Handshake error in client (OS Error: I/flutter (11617):   CERTIFICATE_VERIFY_FAILED: invalid or inconsistent certificate extension(handshake.cc:359))

The SSL Certificate is not self-signed. It is signed by my company's own isolated CA. And the CA is 3 tiers (1 root certificate and 2 intermediate certificates underneath). The last intermediate authority is the one that signed the Server Certificate so the chain of trust is 3 levels.

Certificate details

1. CA and IA keys are 512 bits long and uses SHA-512 digestions
2. The server certificate key is 2048 bits long with a SHA-256 digestion
3. The extended key usage of the server certificate is only server authentication
4. The server certificate is also end-entry

I have added the server certificate and the chain of trust to the app itself under my /assets/raw/ directory and have added these to my securityContext (using iOClient for making http calls)

Flutter doctor results

[✓] Flutter (Channel stable, 2.2.2, on macOS 11.4 20F71 darwin-x64, locale en-PH)
[✓] Android toolchain - develop for Android devices (Android SDK version 30.0.3)
[✓] Xcode - develop for iOS and macOS
[✓] Chrome - develop for the web
[✓] Android Studio (version 4.2)
[✓] VS Code (version 1.57.1)
[✓] Connected device (3 available)
    ! Error: Gabe’s iPhone is busy: Copying cache files from device. Xcode will continue when Gabe’s iPhone is finished. (code -10)

• No issues found!

Answer 1

我通过向 android/app/src/debug/AndroidManifest.xml 添加一行来解决这个问题：

<application android:usesCleartextTraffic="true"/>