Search Unity

  1. Welcome to the Unity Forums! Please take the time to read our Code of Conduct to familiarize yourself with the forum rules and how to post constructively.
  2. Unite 2023 Registrations are now LIVE! We are thrilled to announce that Unite 2023 Registration is now live and open for all!
    Dismiss Notice
New Forum User Notice Unite 2023 Registrations are now LIVE!

"SSL CA certificate error" in android < 7.1 devices, related by a LetsEncrypt change end of Sep.

Discussion in 'Android' started by jerome-lacoste, Oct 6, 2021.

  1. jerome-lacoste

    jerome-lacoste

    Joined:
    Jan 7, 2012
    Posts:
    206
    End of September LetsEncrypt rolled out a change in their certificate chain which could have affected older Android devices. To avoid this, they used some innovative set-up to ensure older android setups kept working.

    Yet we see that this affects some of our customers. Although the browsers on those devices keep working properly to access our serverss, our apps are failing with "SSL CA certificate error" since the 1st of October when doing UnityWebRequest calls on some Android < 7.1.

    How is the default certificate chain validation implemented in Unity?

    Is it parsed linearly (as was previously done in openssl up to v1.0.2) or is it properly following RFC 4158?

    This is not the first time we am seing network issues where browsers can access our sites, but unity can't. A precise description of the network stack and certificate chain validation on the various platforms would be useful.
     
    jerome-lacoste, Oct 6, 2021
    #1

  2. jerome-lacoste

    jerome-lacoste

    Joined:
    Jan 7, 2012
    Posts:
    206
    We've rolled out certificates from a different provider, but we really would like to know what happened there.
     
    jerome-lacoste, Oct 7, 2021
    #2

  3. JeffDUnity3D

    JeffDUnity3D

    Unity Technologies

    Joined:
    May 2, 2017
    Posts:
    14,446
    JeffDUnity3D, Oct 7, 2021
    #3