log certificate info

Volodymyr B · Volodymyr B · commit b91876853b68 · 2025-07-10T19:02:30.000+03:00
diff --git a/lib/src/sip_ua_helper.dart b/lib/src/sip_ua_helper.dart
@@ -805,6 +805,9 @@ class WebSocketSettings {
   /// for self-signed certificate.
   bool allowBadCertificate = false;
 
+  /// If true, debug the certificate.
+  bool debugCertificate = false;
+
   /// Custom transport scheme string to use.
   /// Otherwise the used protocol will be used (for example WS for ws://
   /// or WSS for wss://, based on the given web socket URL).
diff --git a/lib/src/transports/websocket_dart_impl.dart b/lib/src/transports/websocket_dart_impl.dart
@@ -25,10 +25,11 @@ class SIPUAWebSocketImpl {
     handleQueue();
     logger.i('connect $_url, ${webSocketSettings.extraHeaders}, $protocols');
     try {
-      if (webSocketSettings.allowBadCertificate) {
-        /// Allow self-signed certificate, for test only.
-        _socket = await _connectForBadCertificate(_url, webSocketSettings);
-      } else {
+      if (webSocketSettings.allowBadCertificate || webSocketSettings.debugCertificate) {
+        // Depending on the settings, it will allow self-signed certificates or debug them.
+        _socket = await _connectWithBadCertificateHandling(_url, webSocketSettings);
+      }
+      else {
         _socket = await WebSocket.connect(_url,
             protocols: protocols, headers: webSocketSettings.extraHeaders);
       }
@@ -69,8 +70,7 @@ class SIPUAWebSocketImpl {
     return _socket != null && _socket!.readyState == WebSocket.connecting;
   }
 
-  /// For test only.
-  Future<WebSocket> _connectForBadCertificate(
+  Future<WebSocket> _connectWithBadCertificateHandling(
       String url, WebSocketSettings webSocketSettings) async {
     try {
       Random r = Random();
@@ -84,8 +84,25 @@ class SIPUAWebSocketImpl {
 
       client.badCertificateCallback =
           (X509Certificate cert, String host, int port) {
-        logger.w('Allow self-signed certificate => $host:$port. ');
-        return true;
+        if(webSocketSettings.allowBadCertificate) {
+          logger.w('Allow self-signed certificate => $host:$port. ');
+          return true;
+        }
+        else if(webSocketSettings.debugCertificate){
+          logger.w('Server returns a server certificate that cannot be authenticated => $host:$port. ');
+          String certInfo = '\n';
+          certInfo+= ' Certificate subject: ${cert.subject}\n';
+          certInfo+= ' Certificate issuer: ${cert.issuer}\n';
+          certInfo+= ' Certificate valid from: ${cert.startValidity}\n';
+          certInfo+= ' Certificate valid to: ${cert.endValidity}\n';
+          certInfo+= ' Certificate SHA-1 fingerprint: ${cert.sha1}\n';
+
+          logger.w('Certificate details: {$certInfo}');
+          return false;
+        }
+        else{
+          return false; // reject the certificate
+        }
       };
 
       Uri parsed_uri = Uri.parse(url);
