Http package fails to read an URL

[DartBot]

<img src="https://avatars.githubusercontent.com/u/148256?v=3" align="left" width="96" height="96"hspace="10"> Issue by kaisellgren
Originally opened as dart-lang/sdk#9675

---

This code using the HTTP package fails:

    http.read('https://www.chms.edu.mx/')

The result is:

Uncaught Error: SocketIOException: RawSecureSocket error (Unexpected handshake error in client) (OS Error: errno = -8181)
Unhandled exception:
SocketIOException: RawSecureSocket error (Unexpected handshake error in client) (OS Error: errno = -8181)

­0 _FutureImpl._scheduleUnhandledError.<anonymous closure> (dart:async:347:9)

­1 Timer.Timer.<anonymous closure> (dart:async-patch:11:15)

­2 _Timer._createTimerHandler._handleTimeout (dart:io:6031:28)

­3 _Timer._createTimerHandler._handleTimeout (dart:io:6039:7)

­4 _Timer._createTimerHandler.<anonymous closure> (dart:io:6047:23)

­5 _ReceivePortImpl._handleMessage (dart:isolate-patch:40:92)

[DartBot]

<img src="https://avatars.githubusercontent.com/u/1343914?v=3" align="left" width="48" height="48"hspace="10"> Comment by sgjesse

---

We are missing turning the NSS error codes into test. You can see the error codes on http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html.

The error -8181 indicate an expired certificate.

Currently there are no way to bypass a bad certificate using either package:http or dart:io directly. The SecureSocket and RawSecureSocket has onBadCertificate callbacks thich can be used to bypadd invalid certificates.

---

Removed Type-Defect label.
Added Type-Enhancement, Area-Pkg, Triaged labels.
Marked this as being blocked by dart-lang/sdk#9689.

[DartBot]

<img src="https://avatars.githubusercontent.com/u/5479?v=3" align="left" width="48" height="48"hspace="10"> Comment by sethladd

---

Added Pkg-Http label.

[DartBot]

<img src="https://avatars.githubusercontent.com/u/188?v=3" align="left" width="48" height="48"hspace="10"> Comment by nex3

---

This is out of scope for direct support in the http package, but it can be accomplished relatively easily by passing in an HttpClient with an onBadCertificate callback to [new IOClient].

---

Added NotPlanned label.