CERTIFICATE_VERIFY_FAILED: Hostname mismatch(handshake.cc:352)) for TCP connection on local server
The problem is that the CN (or SANs) in the certificate presented by the local machine do not include 192.168.8.106
.
You can verify this by using the openssl s_client
command:
openssl s_client -connect 192.168.8.106:8883 -CAfile /path/to/ca/cert
This means that the SSL/TLS library in flutter will complain that certificate doesn't reliably represent that machine.
This is important as this is what stops Man-in-the-Middle attacks.
You have 2 options to solve this.
- reissue the certificate with a CN or SAN entry with 192.168.8.106
- See if you can find a way to influence the Certificate verification. There are examples of how to do this with the dart http library (https://stackoverflow.com/a/59303283/504554) but I haven't found this in the MQTT client library (I haven't looked that hard).
You have to be very careful if you go with option 2 to ensure that you do not open up too big a hole for Man-in-the-middle attacks.
I got the same error in my flutter app but my solution and reason was a bit different.
My certificate was "*.xxxxxx.com" (star certificate).(xxxxxx.com is not for +18 site, just sample :) )
My subdomain name was sub_domain.xxxxxx.com.
Solution was simple, but it take time to solve it.
"_" (underscore) was the main problem in the domain name.I changed it to subdoman.xxxxxx.com and it worked.