Bug SSL CA Certificate Error on Android 7

Hi,

On one of my Android devices when trying to Authenticate I receive a:

Unity.Services.Core.RequestFailedException: Network Error: SSL CA certificate error

My game is targeting API 30 and has a minimum API of 23. The device that is receiving the error is API level 24.

When I deploy the code to a device running API 30 it works fine.

I am calling AuthenticationService.Instance.SignInAnonomouslyAsync()

Thanks
Mick

 

Sure I'm currently using 2021.2.4f1 but had the same issue in 2021.2.3f1.

 

Great, thanks. If 24 is below minimum then i can get a different test device

 

It would be good to know if there is a minimum level for IOS as well as i need to purchase an Apple device for testing.

 

Hi guys,

I'm currently dealing with a similair problem that I'm pretty sure would be caused by the same issue and I'm posting to share the cause of the problem with you guys.
Since October 2021 Let's Encrypt's previous SSL certificate (DST Root CA X3) expired and they switched over to using their own certificate called ISRG Root X1 and X2.
Trusted certificates are actually added to android devices on an OS level and android versions starting from 7.1.1/API25 contain the ISRG Certificates.
On the other hand older OS versions only contain the DST Root CA X3 certificate which causes SSL requests to fail.

They detailed this situation in this blog post: https://letsencrypt.org/2020/11/06/own-two-feet.html however later on they managed to find a solution with the old certificate outlined here: https://letsencrypt.org/2020/12/21/extending-android-compatibility.html .
A key point in that solution is explained at the bottom: "When we make that change, subscribers will have the option to continue using DST Root CA X3 by configuring their ACME client to specifically request it.".
So basically the certificate can be configured on a per website basis and thus you should be capable of specifically requesting the old certificate but if you don't do that SSL requests will still fail.

Because of this I've been looking for a way to manually add the new certificates to the android app so that secure web requests will hopefully continue to work. The only solution I found so far was specifically for android 7 so hopefully this helps you out: https://www.danieldent.com/blog/android-apps-lets-encrypt-dst-root-expiry/ .
I'm personally looking for a solution that would be compatible with Android 6 so if anybody runs into something I would love to hear your take on this problem.

 

Any update on what versions work?

 

Thanks! Huh, that’s weird then. It seems android 7.0 (api 24) should work just fine based on that, but I’m running into the exact same issue with that level of android or below.

 

Hello,

in my project I am using Authentication package with version 1.0.0.-pre.37. For testing of this package I am using this script:

Code (CSharp):

1.  
2. using System;
3. using Unity.Services.Authentication;
4. using UnityEngine;
5. using Unity.Services.Core;
6.  
7. public class authentication : MonoBehaviour
8. {
9.     // Start is called before the first frame update
10.     async void Start()
11.     {
12.         try
13.         {
14.             await UnityServices.InitializeAsync();
15.  
16.             // Check that scene has not been unloaded while processing async wait to prevent throw.
17.             if (this == null) return;
18.  
19.             if (!AuthenticationService.Instance.IsSignedIn)
20.             {
21.                 await AuthenticationService.Instance.SignInAnonymouslyAsync();
22.                 if (this == null) return;
23.             }
24.  
25.             Debug.Log($"Player id:{AuthenticationService.Instance.PlayerId}");
26.  
27.             Debug.Log("Initialization and signin complete.");
28.         }
29.         catch (Exception e)
30.         {
31.             Debug.LogException(e);
32.         }
33.     }
34. }

Anonymously sign in work well in editor, but in build on mobile I am getting warnings and errors. For testing I am using mobile Honor 7 lite with Android version 7.0 API 24.

Warnings are:
[Authentication]: Well-known keys request failed (attempt: 1): 0, SSL CA certificate error
UnityEngine.StackTraceUtility:ExtractStackTrace () (at /Users/bokken/buildslave/unity/build/Runtime/Export/Scripting/StackTrace.cs:37)
UnityEngine.DebugLogHandler:LogFormat (UnityEngine.LogType,UnityEngine.Object,string,object[])
UnityEngine.Logger:LogWarning (string,object)
Unity.Services.Authentication.Utilities.Logger:LogWarning (object) (at Library/PackageCache/com.unity.services.authentication@1.0.0-pre.37/Runtime/Utilities/Logger.cs:16)
Unity.Services.Authentication.AuthenticationServiceInternal/<GetWellKnownKeysAsync>d__93:MoveNext () (at Library/PackageCache/com.unity.services.authentication@1.0.0-pre.37/Runtime/AuthenticationServiceInternal.cs:382)
System.Runtime.CompilerServices.AsyncMethodBuilderCore/MoveNextRunner:InvokeMoveNext (object)
System.Threading.ExecutionContext:RunInternal (System.Threading.ExecutionContext,System.Threading.ContextCallback,object,bool)
System.Threading.ExecutionContext:Run (System.Threading.ExecutionContext,System.Threading.ContextCallback,object,bool)
System.Runtime.CompilerServices.AsyncMethodBuilderCore/MoveNextRunner:Run ()
System.Threading.Tasks.AwaitTaskContinuation:InvokeAction (object)
System.Threading.Tasks.AwaitTaskContinuation:RunCallback (System.Threading.ContextCallback,object,System.Threading.Tasks.Task&)
System.Threading.Tasks.SynchronizationContextAwaitTaskContinuation:Run (System.Threading.Tasks.Task,bool)
System.Threading.Tasks.Task:FinishContinuations ()
System.Threading.Tasks.Task:FinishStageThree ()
System.Threading.Tasks.Task:FinishStageTwo ()
System.Threading.Tasks.Task:Finish (bool)
System.Threading.Tasks.Task:TrySetException (object)
System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1<Unity.Services.Authentication.Models.WellKnownKeys>:SetException (System.Exception)
Unity.Services.Authentication.Utilities.WebRequest/<SendAsync>d__18`1<Unity.Services.Authentication.Models.WellKnownKeys>:MoveNext () (at Library/PackageCache/com.unity.services.authentication@1.0.0-pre.37/Runtime/Utilities/WebRequest.cs:83)
System.Runtime.CompilerServices.AsyncMethodBuilderCore/MoveNextRunner:InvokeMoveNext (object)
System.Threading.ExecutionContext:RunInternal (System.Threading.ExecutionContext,System.Threading.ContextCallback,object,bool)
System.Threading.ExecutionContext:Run (System.Threading.ExecutionContext,System.Threading.ContextCallback,object,bool)
System.Runtime.CompilerServices.AsyncMethodBuilderCore/MoveNextRunner:Run ()
System.Threading.Tasks.AwaitTaskContinuation:InvokeAction (object)
System.Threading.Tasks.AwaitTaskContinuation:RunCallback (System.Threading.ContextCallback,object,System.Threading.Tasks.Task&)
System.Threading.Tasks.SynchronizationContextAwaitTaskContinuation:Run (System.Threading.Tasks.Task,bool)
System.Threading.Tasks.Task:FinishContinuations ()
System.Threading.Tasks.Task:FinishStageThree ()
System.Threading.Tasks.Task:FinishStageTwo ()
System.Threading.Tasks.Task:Finish (bool)
System.Threading.Tasks.Task:TrySetException (object)
System.Threading.Tasks.TaskCompletionSource`1<string>:TrySetException (System.Exception)
System.Threading.Tasks.TaskCompletionSource`1<string>:SetException (System.Exception)
Unity.Services.Authentication.Utilities.WebRequest:RequestCompleted (System.Threading.Tasks.TaskCompletionSource`1<string>,long,bool,bool,string,string,System.Collections.Generic.IDictionary`2<string, string>) (at PackageCache/com.unity.services.authentication@1.0.0-pre.37/Runtime/Utilities/WebRequest.cs:208)
Unity.Services.Authentication.Utilities.WebRequest/<>c__DisplayClass19_1:<SendAttemptAsync>b__0 (UnityEngine.AsyncOperation) (at Library/PackageCache/com.unity.services.authentication@1.0.0-pre.37/Runtime/Utilities/WebRequest.cs:95)
UnityEngine.AsyncOperation:InvokeCompletionEvent () (at /Users/bokken/buildslave/unity/build/Runtime/Export/Scripting/AsyncOperation.cs:21)

[Authentication]: Request completed with error: SSL CA certificate error
UnityEngine.StackTraceUtility:ExtractStackTrace () (at /Users/bokken/buildslave/unity/build/Runtime/Export/Scripting/StackTrace.cs:37)
UnityEngine.DebugLogHandler:LogFormat (UnityEngine.LogType,UnityEngine.Object,string,object[])
UnityEngine.Logger:LogWarning (string,object)
Unity.Services.Authentication.Utilities.Logger:LogWarning (object) (at Library/PackageCache/com.unity.services.authentication@1.0.0-pre.37/Runtime/Utilities/Logger.cs:16)
Unity.Services.Authentication.Utilities.WebRequest:RequestCompleted (System.Threading.Tasks.TaskCompletionSource`1<string>,long,bool,bool,string,string,System.Collections.Generic.IDictionary`2<string, string>) (at Library/PackageCache/com.unity.services.authentication@1.0.0-pre.37/Runtime/Utilities/WebRequest.cs:209)
Unity.Services.Authentication.Utilities.WebRequest/<>c__DisplayClass19_1:<SendAttemptAsync>b__0 (UnityEngine.AsyncOperation) (at Library/PackageCache/com.unity.services.authentication@1.0.0-pre.37/Runtime/Utilities/WebRequest.cs:95)
UnityEngine.AsyncOperation:InvokeCompletionEvent () (at /Users/bokken/buildslave/unity/build/Runtime/Export/Scripting/AsyncOperation.cs:21)

And error:
Curl error 60: Cert verify failed: UNITYTLS_X509VERIFY_FLAG_USER_ERROR1

How can I fix it?

Thank you very much

 

I've never been able to log in on my phone Honor 7 lite with Android 7.0 API 24, but yesterday my co-worker tried it on Samsung S20 FE 5G with Android 11 API 30 and he log in succesfully.

 

As additional information I can mention that we are using Unity 2021.2.7f1. Do you need to provide any more information?