
Did anyone validate an SSL certificate within Unity properly?

Discussion in 'Scripting' started by zlSimon, Jun 23, 2016.

  1. zlSimon

    Hi,

    I am trying to validate an SSL certificate within Unity but I am failing again and again. I know that some people are "validating" the certificate by setting the ServerCertificateValidationCallback to a callback which just returns true, but I want to do chain-of-trust verification, hostname verification and CRL verification, which the Mono framework is capable of.

    When I try a simple request with the following Verification Callback:
    Code (CSharp):
    ```csharp
    using System;
    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;

    // Registered before the first request is made.
    ServicePointManager.ServerCertificateValidationCallback = MyValidationCallback;

    public bool MyValidationCallback( System.Object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors )
    {
        bool isOk = true;

        // The chain is only re-examined when the framework reported an error.
        // Which error it reported (e.g. RemoteCertificateNameMismatch) is not inspected.
        if (sslPolicyErrors != SslPolicyErrors.None)
        {
            for(int i=0; i<chain.ChainStatus.Length; i++)
            {
                // Rebuild the chain for every status entry other than RevocationStatusUnknown.
                if(chain.ChainStatus[i].Status != X509ChainStatusFlags.RevocationStatusUnknown)
                {
                    chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
                    chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
                    chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 1, 0);
                    // AllFlags sets every Ignore*/Allow* bit, so Build() disregards those chain errors.
                    chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;
                    bool chainIsValid = chain.Build((X509Certificate2)certificate);
                    if(!chainIsValid) {
                        isOk = false;
                    }
                }
            }
        }

        return isOk;
    }
    ```
    However, in most cases the sslPolicyErrors is not SslPolicyErrors.None but the chain is valid when I build it. This for example happens with "https://www.google.com" where I get a RemoteCertificateNameMismatch.

    I also do not understand where the Mono version gets the certificates from since I did not import any in the Mono trust store at first.
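
Added example, not part of zlSimon's post: a fail-closed callback that performs the three checks the post asks for (hostname, chain of trust, revocation). The class name `StrictTlsValidation` and the 30-second timeout are hypothetical, and the code assumes the runtime's trust store holds the needed root CAs and that its `X509Chain` implementation performs online revocation checks.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper; the name does not come from the thread.
public static class StrictTlsValidation
{
    // Call once before the first HTTPS request.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // A missing certificate or a hostname mismatch is fatal:
        // rebuilding the chain says nothing about either condition.
        const SslPolicyErrors fatal = SslPolicyErrors.RemoteCertificateNotAvailable
                                    | SslPolicyErrors.RemoteCertificateNameMismatch;
        if (certificate == null || (errors & fatal) != 0)
            return false;

        // Build a fresh chain under an explicit policy instead of
        // mutating the chain object handed in by the framework.
        var strict = new X509Chain();
        strict.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        strict.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
        strict.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(30);
        // NoFlag ignores nothing; AllFlags would suppress every chain error.
        strict.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

        if (!strict.Build(new X509Certificate2(certificate)))
        {
            // Log each reason so a rejection can be diagnosed later.
            foreach (X509ChainStatus status in strict.ChainStatus)
                Console.Error.WriteLine("TLS chain rejected: " + status.Status
                                        + " " + status.StatusInformation);
            return false;
        }
        return true;
    }
}
```

With `NoFlag`, an unreachable CRL endpoint surfaces as `RevocationStatusUnknown` and the connection is refused rather than silently accepted.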
     