Search Unity

  1. Unity 2017.2 beta is now available for download.
    Dismiss Notice
  2. Unity 2017.1 is now released.
    Dismiss Notice
  3. Introducing the Unity Essentials Packs! Find out more.
    Dismiss Notice
  4. Check out all the fixes for 5.6 on the patch releases page.
    Dismiss Notice
  5. Help us improve the editor usability and artist workflows. Join our discussion to provide your feedback.
    Dismiss Notice

SSL Certificate storage

Discussion in 'Editor & General Support' started by iivo_k, Dec 2, 2015.

  1. iivo_k

    iivo_k

    Joined:
    Jan 28, 2013
    Posts:
    301
    I have a huge problem trying to use WebRequest or SslStream with HTTPS. Namely that the SSL certificates are not recognized. I assume this is because Unity uses Mono, which in turn uses it's own certificate storage instead of the system storage. Using the WWW class with a HTTPS address works, but that may just be ignoring the certificates totally and I need to to stuff in threads instead of coroutines anyway.

    Even contacting https://google.com/ doesn't work!

    Code (CSharp):
    1.         Debug.Log("Testing WebRequest");
    2.         WebRequest req = WebRequest.Create("https://google.com/");
    3.         WebResponse response = req.GetResponse();
    4.         Stream stream = response.GetResponseStream();
    5.         Debug.Log(new StreamReader(stream).ReadToEnd());
    This code results in
    TlsException: Invalid certificate received from server. Error code: 0xffffffff800b010a

    How do I fix this? I need to have working HTTPS connections to Google App Engine servers, which I currently cannot figure out how to do. Making the ValidateServerCertificate delegate to ignore errors doesn't work, I still get an error saying authentication / decryption failed (and it would be bullshit to accept any cert anyway). I also don't think I should be manually adding / hardcoding certificates, since they may be changed any time.

    Does anyone have any idea what to do? Who knows about this stuff on Unity's side?
     
  2. iivo_k

    iivo_k

    Joined:
    Jan 28, 2013
    Posts:
    301
    Right, using

    Code (CSharp):
    1. System.Net.ServicePointManager.ServerCertificateValidationCallback =
    2.                  delegate (object s, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    3.                  { return true; };
    manages to skip the certificate check and allows the code to work. It's bullshit though, since ignoring the certificate check is not secure.

    So, how can the system root cert storage be used?
     
  3. iivo_k

    iivo_k

    Joined:
    Jan 28, 2013
    Posts:
    301
    Please Unity, waiting for an answer. Created a bug report too (749579), but obviously no answer to that either.
     
  4. iivo_k

    iivo_k

    Joined:
    Jan 28, 2013
    Posts:
    301
    Bump, anything official?
     
  5. orb

    orb

    Joined:
    Nov 24, 2010
    Posts:
    2,414
    I just tested that exact code in the editor on OS X, and it's not giving me the exception. There might be something weird with your network.
     
  6. iivo_k

    iivo_k

    Joined:
    Jan 28, 2013
    Posts:
    301
    It's not about the network, I can replicate it both at home or at work. It's because Mono doesn't have a root certificate storage by default and it doesn't use the one that the OS has.