Search Unity

Ssl/tls issues connecting to https using HttpWebRequest

Discussion in 'Scripting' started by ls89, Feb 7, 2018.

  1. ls89

    ls89

    Joined:
    Feb 7, 2018
    Posts:
    2
    I have an application that has been working fine using Unity's WWW object.
    A client is looking for a build that will work with their proxy so the WWW object will no longer do.

    I'm not too worried about the proxy part, I assume that will be fine once I get HttpWebRequest or WebClient or something along those lines to work.

    This is my sandbox web connection at the moment.

    Code (csharp):
    1.  
    2. public void ExecuteWebConnection()
    3. {
    4.     ServicePointManager.ServerCertificateValidationCallback += Validator;
    5.     ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
    6.  
    7.     HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
    8.     request.ContentType = "application/x-www-form-urlencoded";
    9.     request.Method = "POST";
    10.  
    11.     byte[] postBytes = Encoding.ASCII.GetBytes("action=testconnection");
    12.  
    13.     Stream requestStream = request.GetRequestStream();
    14.  
    15.     requestStream.Write(postBytes, 0, postBytes.Length);
    16.     requestStream.Close();
    17.  
    18.     // grab te response and print it out to the console along with the status code
    19.     HttpWebResponse response = (HttpWebResponse)request.GetResponse();
    20.     userMessage.text = new StreamReader(response.GetResponseStream()).ReadToEnd();
    21.     Debug.Log(response.StatusCode.ToString());
    22. }
    23.  
    24. public static bool Validator (object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    25. {
    26.     return true;    // for testing
    27. }
    28.  
    This all works fine on a local vm without https and will also work online if I enable Ssl3 to test this.
    But that is the problem. Ssl3 is not an option for security reasons. We only have Tls1.2 enabled.

    It seems tls1.2 support is coming in Unity2018.1 but this can't wait unfortunately.

    Code (csharp):
    1.  
    2. WebException: Error writing request: The authentication or decryption has failed.
    3. System.Net.WebConnectionStream.WriteHeaders ()
    4. System.Net.WebConnectionStream.SetHeaders (System.Byte[] buffer)
    5. (wrapper remoting-invoke-with-check) System.Net.WebConnectionStream:SetHeaders (byte[])
    6. System.Net.HttpWebRequest.SendRequestHeaders (Boolean propagate_error)
    7. UnityEngine.EventSystems.EventSystem:Update()
    8.  
    I've looked at many posts relating to this but most seem to point to http://www.mono-project.com/docs/faq/security/

    I don't know much about Ssl, tls or certs but I don't think the problem is with access to the cert as it works fine when I enable Ssl3 on the server but it never even reaches the Validator function when it fails.

    Any ideas?
     
  2. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,248
    Both WWW and UnityWebRequest should support proxies. There were some Unity releases where this was broken, but if you use the latest one, it should work in all supported versions of Unity.
     
  3. ls89

    ls89

    Joined:
    Feb 7, 2018
    Posts:
    2
    Thanks for your quick reply, do you have a code snippet of how to implement this? There is no mention of proxies in the docs and I'm not too familiar with them. Do I use the proxy address for the url and the put the actual address in the headers or something along those lines?
     
  4. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,248
    If the proxy is configured on a system, there is nothing you have to do, UnityWebRequest will pick that and use automatically.
     
  5. Allen0012

    Allen0012

    Joined:
    Sep 5, 2009
    Posts:
    88
    @Aurimas-Cernius Could you please confirm that 5.4.6f3 has this issue? Upgrading is not an option for me at this point. Is there any other options for me to try?
    Any connection to an HTTPS is failed if the user has any sort of VPN active on their Android device.
     
  6. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,248
    I don't this there was this issue on Android, it was specific to Editor and Standalones. Can you check the web requests using newer Unity versions to make sure they aren't there?