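I'm reporting a problem with Flutter and self-signed certificates.
Context: I'm writing an iOS Enterprise app that runs inside a customer's VPN network.
Implementation: in main.dart, I add the HttpOverrides reference by adding the following lines: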
List<String> certificates = []; // [OMISSIS]: Load from Yaml File
HttpOverrides.global = DefaultHttpOverrides(certificates);
This is the DefaultHttpOverrides implementation:
class DefaultHttpOverrides extends HttpOverrides {
  final List<String> certificates;
  DefaultHttpOverrides(this.certificates);

  void addTrustedCerts(SecurityContext context, List<String> certs) {
    certs.forEach((cert) => context.setTrustedCertificatesBytes(utf8.encode(cert)));
  }

  @override
  HttpClient createHttpClient(SecurityContext context) {
    if (context == null) context = SecurityContext(withTrustedRoots: true);
    if (certificates != null && certificates.isNotEmpty) {
      print("Found ${certificates.length} certificates to trust");
      addTrustedCerts(context, certificates);
    }
    final HttpClient client = super.createHttpClient(context);
    return client;
  }
}
When the app or a unit test tries to connect to the API endpoint, the following error is logged:
══╡ EXCEPTION CAUGHT BY FLUTTER TEST FRAMEWORK ╞════════════════════════════════════════════════════
The following HandshakeException was thrown while running async test code:
Handshake error in client (OS Error:
CERTIFICATE_VERIFY_FAILED: ok(handshake.cc:354))
When the exception was thrown, this was the stack:
#2 _HttpClient._getConnection.connect (dart:_http/http_impl.dart:2542:43)
#18 _HttpClient._getConnection.connect (dart:_http/http_impl.dart:2549:12)
#19 _HttpClient._getConnection (dart:_http/http_impl.dart:2552:19)
#20 _HttpClient._openUrl (dart:_http/http_impl.dart:2438:12)
#21 _HttpClient.openUrl (dart:_http/http_impl.dart:2323:7)
#22 IOClient.send (package:http/src/io_client.dart:31:37)
#23 BaseClient._sendUnstreamed (package:http/src/base_client.dart:91:38)
#24 BaseClient.post (package:http/src/base_client.dart:32:7)
#25 post.<anonymous closure> (package:http/http.dart:70:16)
I've searched the web and read almost everything about this problem, but all I get is the advice to add the following:
client.badCertificateCallback =
    (X509Certificate cert, String host, int port) => true;
or to restrict it to a specific host/port:
client.badCertificateCallback =
    (X509Certificate cert, String host, int port) => host == myEndpointHost;
Is it possible to install the PEM self-signed certificate instead of all of this?
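
The host-only callback above accepts any certificate presented for that host once chain validation has failed. A stricter variant, as an added example that is not part of the original post: accept the failing certificate only when it is byte-identical to the bundled PEM and inside its validity window. `PinnedCertOverrides`, `pemToDer` and `sameBytes` are hypothetical names; the sketch assumes null-safe Dart and that the server presents the self-signed certificate itself.

```dart
import 'dart:convert';
import 'dart:io';
import 'dart:typed_data';

// Decode one PEM certificate block to its DER bytes.
Uint8List pemToDer(String pem) {
  final m = RegExp(
    r'-----BEGIN CERTIFICATE-----([\s\S]+?)-----END CERTIFICATE-----',
  ).firstMatch(pem);
  if (m == null) throw const FormatException('no PEM certificate block found');
  return base64.decode(m.group(1)!.replaceAll(RegExp(r'\s'), ''));
}

// True only when both byte sequences have the same length and content.
bool sameBytes(List<int> a, List<int> b) {
  if (a.length != b.length) return false;
  var diff = 0;
  for (var i = 0; i < a.length; i++) {
    diff |= a[i] ^ b[i];
  }
  return diff == 0;
}

class PinnedCertOverrides extends HttpOverrides {
  final String pinnedHost; // the one endpoint allowed to use the pinned cert
  final Uint8List pinnedDer; // DER form of the bundled self-signed PEM

  PinnedCertOverrides(this.pinnedHost, String pinnedPem)
      : pinnedDer = pemToDer(pinnedPem);

  @override
  HttpClient createHttpClient(SecurityContext? context) {
    final client = super.createHttpClient(context);
    // Runs only after normal validation has rejected the certificate;
    // every other host and every other certificate stays rejected.
    client.badCertificateCallback = (X509Certificate cert, String host, int port) {
      final now = DateTime.now();
      return host == pinnedHost &&
          sameBytes(cert.der, pinnedDer) &&
          now.isAfter(cert.startValidity) &&
          now.isBefore(cert.endValidity);
    };
    return client;
  }
}
```

It would be installed the same way as the override in main.dart, with the endpoint host and the PEM string passed to the constructor.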