Did anyone validate a SSL certificate within Unity proberly?

zlSimon · Jun 23, 2016

Hi,

I am trying to validate a SSL certificate within Unity but I am failing again and again. I know that some people are "validating" the certificate the way that they set the ServerCertificateValidationCallback to a callback which just returns true but I want to do a Chain-of-trust-verification, Hostname verification and CRL verification which the Mono framework is capable of.

When I try a simple request with the following Verification Callback:

Code (CSharp):

ServicePointManager.ServerCertificateValidationCallback = MyValidationCallback;

public bool MyValidationCallback( System.Object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors )

{

bool isOk = true;

if (sslPolicyErrors != SslPolicyErrors.None)

{

for(int i=0; i<chain.ChainStatus.Length; i++)

{

if(chain.ChainStatus[i].Status != X509ChainStatusFlags.RevocationStatusUnknown)

{

chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;

chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;

chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 1, 0);

chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;

bool chainIsValid = chain.Build((X509Certificate2)certificate);

if(!chainIsValid) {

isOk = false;

}

}

}

}

return isOk;

}

However in most cases the sslPolicyError is not SslPolicyError.None but the chain is valid when I build it. This for example happens with "https://www.google.com" where I get a RemoteCertificateNameMismatch.

I also do not understand where the mono version gets the certificates from since I did not import any in the mono trust store at first.

Search Unity

Unity ID

Useful Searches

Did anyone validate a SSL certificate within Unity proberly?

zlSimon