UnityWebRequest - Unable to complete SSL connection

Its unlikely but its what its happening. Try for yourself.

 

I'm also experiencing the same problem so I leave a post.
We use UnityWebRequest(to connect Google Cloud Speech) in UWP(Hololens),
but we've got the error in unity 2018.2.2.x ("Unable to complete SSL connection"), in unity 2018.3.x("Unknown error").
Not all Hololens, but some Hololens devices. I don't know the cause.
After many tests, I've tried it in unity 2018.1.9(using .NET 4.x), and finally it works.
But for this to work, we have to change our whole environment.
I would like to know how to solve this problem in Unity 2018.2 and later.

 

You can implement a custom certificate validation:
https://docs.unity3d.com/ScriptReference/Networking.CertificateHandler.ValidateCertificate.html

Code (CSharp):

1. UnityWebRequest www = UnityWebRequest.Get(getUrl);
2. MyCertificateHandler certificateHandler = new MyCertificateHandler();
3. www.certificateHandler = certificateHandler;
4. yield return www.SendWebRequest();

I don't know how it works exactly, but what will happen if the PUB_KEY changes? Can it change when renewed? How does it work? That would mean that it would give the same error as before and the game would have to be updated to work properly.

 

OK, so the question is why the certificate doesn't work in Unity. It's a paid certificate, 100% safe. It works on every device in any browser I've checked, but it doesn't work on those devices in a Unity build or editor.

 

OK, you can check this link:
https://appv1.skijumpgame.com:3020/hello

It works in every browser on my Win10 machine, but it shows "Unable to complete SSL connection" in the editor on the same machine.

 

Is there a possibility to let Unity do it's validation and when that fails make the custom CertificateHandler do its thing?

What we tried was the piece of code below, but apparently the base.ValidateCertificate() does not actually do anything, it just returns False.

Code (CSharp):

1. protected override bool ValidateCertificate(byte[] certificateData)
2. {
3.     bool validation = base.ValidateCertificate(certificateData);
4.  
5.     if (!validation)
6.     {
7.         X509Certificate2 certificate = new X509Certificate2(certificateData);
8.         // Do custom validation that puts it's result into the validation boolean.
9.     }
10.      
11.     return validation;
12. }

So that resulted in failing calls to our backend that have a redirect to a different domain with the actual data that we want to get. The call to our backend goes well because of the custom CertificateHandler but the redirect is handled by the same CertificateHandler and that would fail even though the Root CA was in the System Store because obviously the custom CertificateHandler was specifically made to accept only our own certificates.

 

Just to be clear, the certificates are issued by a trusted issuer, the problem is the system store being out-of-date or just missing trusted root ca's.

We can't implement custom validation for the domains that we get data from but don't have control over, that would mean that as soon as one of those domains changes their certificate a portion of our functionality would drop. There's also no way to actually add certificates to the system store in Unity or that Unity does this by itself like some browsers actually do.

Are those functionalities that Unity is working on or thinking about?

 

I have a Domain Validation 256bit certificate with 200k Euro guaranty, 100% sure it should be trusted, biggest company in Poland. Maybe this should be an OV or EV certificate?

 

(Hello guys
I might have some new insight on this issue. I recently started working on SSL connections on a little app I made and its been unsuccessful.
I will not post my whole problem here, but I did describe it on another post (https://forum.unity.com/threads/rest-request-to-ssl-server-failed-to-receive-data.651616/)

tl.dr: My application does not connect on my SSL server (despite any other software does) and returns an weird "Failed to receive data" message.
After exchanging some ideas with @JeffDUnity3D in the mentioned post, I found out that, when using Charles Proxy (a monitoring program) to monitor my REST requests, the requests actually worked, and when the program was shutdown, the requests just stopped working again.

I honestly don't know if the issues are related, but... :shrug:

If you guys need any info, I'll be watching both topics!

 

I face the same issue, only on some Android devices. Using latest 2018.3.11 version and 4.X Equivalent.

It's shocking to me that this has been a real problem for months, I think that there are enough cases here to know exactly who has the problem and that the problem is with Unity. With .NET Http it works, with UnityWebRequest it doesn't. With older versions of Unity it works, 2018.2+ it fails. I think it's pretty clear.

Any news on these? Or we have to assume that a lot of users will not be able to play our games because Unity is not working properly?

Kinda desperate at this point.

 

I left a post above because of the error that UnityWebRequest(to Google Cloud Speech) did not work properly on UWP(Hololens) after unity 2018.2.x.
My colleague resolved that problem with a makeshift solution, so I write it here.
After installing the Google Chrome browser on Hololens, UnityWebRequest works normally.
I don't know the exact reason, but with the idea of @eisenpony in other thread(https://forum.unity.com/threads/rest-request-to-ssl-server-failed-to-receive-data.651616/),
I guess that Chrome may have negotiating TLS connection attempts,
while Edge, the default browser of Hololens, does not support it.
Well, just to let you know.

 

I have similar issues.. also with Unity 2019.1

 

UPD: I reached topic where SEC_ERROR_UNKNOWN_ISSUER in Firefox browser interpreted as not installed SSLCertificateChainFile (*.ca-bundle file) or Intermediate Certificates in my case (several CA *.cer). So Chrome is working with only installed root certificate, as well as iOS requests are handled correctly, that's why I was mistakenly sure my certificates were set up correctly.


Hi guys,

while investigating the same issue from Editor (Unity 2018.2.20f1) find an interesting thing.
I've logged via Microsoft Network Monitor 3.4 different scenarios:
1) Fiddler is running, traffic is capturing, HTTPS traffic is decrypted – there is a normal request to the server.
2) Fiddler is running, traffic is capturing, but HTTPS traffic decryption is turned off – request doesn't reach the server.
In case traffic capturing is turned off, Network Monitor doesn't see any requests to the server at all.
The main difference between these two scenarios is that in case 1 - Destination is my domain name, but in case 2 there is an IP shown. As I understood certificate is giving for the domain name and connection can't be verified for the direct IP.
May it be a reason — that domain name is resolved before the certificate is checked?

 

My application is experiencing the same errors as most people here. We are using 2018.1.9f2.
Basically we get about 2000 error reports a day about people not being able to login via UnityWebRequest. However we have built in a downgrade system so if UnityWebRequest fails 5 times we switch to use WWW and that always succeeds.
This does limit us to upgrade to a newer Unity version but we are looking in to switching out WWW for
HttpWebRequest. And also since we use AWS as servers maybe the certificate might be old on certain devices. I found another thread on another forum.
https://community.playfab.com/quest...complete-ssl-connection-since-unity-2018.html

For us the problem is mainly Android but sometimes iOS devices has the same problem.

 

My team has encountered this problem intermittently for several months, and it is clearly this exact issue because visiting an HTTPS page in Edge resolves it. @Aurimas-Cernius, can you share any updates about how this is being addressed internally? This is becoming a major pain point both in our development team and among our customers and the "hacky" workaround required is not a good look for us at all.

 

@Tautvydas-Zilys We have a similar issue in most of our platforms (iOS, Android, Standalone).. very intermittent and is impacting some of our users. We would not like to have a custom validation added as we'll need to rebuild the app each time the certificate expires. Is there a fix planned?

 

Hello, I am experiencing the same issue using WWW to connect to api.paypal.com in Unity 2018.2 on Windows 10. Doesn't work either with the custom certification. Working fine in Unity 5.

 

We are also reproducing this issue too:

Here's are our latest findings.

1. Reproduces on a Hololens device when it is factory reset (responseCode=0)
2. Workaround by using edge to go to the url that is failing works

We have the following small reproducible example:

Code (CSharp):

1. public class RequestTest : MonoBehaviour
2. {
3.     void Start()
4.     {
5.         StartCoroutine(DoTheRequest());
6.     }
7.  
8.     IEnumerator DoTheRequest()
9.     {
10.         Debug.Log("DoTheRequest");
11.  
12.         string[] requests = new string[] {
13.             // Google (FAILS)
14.             "https://google.com/",
15.             "https://www.google.com/",
16.             "172.217.164.174", // (google.com), works but this forwards to HTTP so that makes sense
17.  
18.             // Cloudflare (SUCCESS)
19.             "https://spatial.is/",
20.             "https://api.spatial.is/",
21.  
22.             // Lets Encrypt (FAIL at first, then we browsed to the lift url with edge, and now both work!)
23.             "https://help.lyft.com/hc/en-us",
24.             "https://www.basketball-reference.com/",
25.  
26.             // DigiCert (SUCCESS)
27.             "https://s3.amazonaws.com/[REDACTED].json", // HL: success
28.             "https://www.cheatsheet.com/",
29.  
30.             // HTTP
31.             "http://www.baidu.com/",
32.             "104.193.88.77", //baidu ip1
33.             "104.193.88.123", //baidu ip2
34.         };
35.  
36.         foreach (string url in requests)
37.         {
38.             var r = UnityWebRequest.Get(url);
39.             yield return r.SendWebRequest();
40.             Debug.Log($"`{url}`: responseCode={r.responseCode}, isError={r.isNetworkError}");
41.         }
42.     }
43. }

1. We reproduced the issue with our api.spatial.is domains, Lyft, Google and basketball-reference.com
2. Once we moved our api to route through cloudflare (which now uses cloudflares certificate provider instead of "Lets Encrypt" that it was using before), all requests to api.spatial.is work fine!
3. To confirm our theory that this issue may be related to certificate provider, we tried the following
   1. We confirmed again that both lyft.com and basketball-reference.com still weren't working:
      `https://help.lyft.com/hc/en-us`: responseCode=0, isError=True
      `https://www.basketball-reference.com/`: responseCode=0, isError=True
   2. Closed the app
   3. Opened the Edge browser on Hololens and went to "https://help.lyft.com/hc/en-us"
   4. Re-ran the same app and confirmed that both lyft.com and basketball-reference.com requests now work!
      `https://help.lyft.com/hc/en-us`: responseCode=200, isError=False
      `https://www.basketball-reference.com/`: responseCode=200, isError=False

Since switching our specific api to route through cloudflare, our issue is resolved but the larger issue still exists and this sounds like a pretty large issue to me.
Another thing we confirmed is that adding the following code makes all requests work fine (code 200) (this is including Lyft, Google and the old api.spatial.is that was using Lets Encrypt):

Code (CSharp):

1.         // (...)
2.  
3.         foreach (string url in requests)
4.         {
5.             var r = UnityWebRequest.Get(url);
6.             // this certificate handler
7.             r.certificateHandler = new AcceptAllCertificatesSignedWithASpecificKeyPublicKey();
8.             yield return r.SendWebRequest();
9.             Debug.Log($"`{url}`: responseCode={r.responseCode}, isError={r.isNetworkError}");
10.         }
11.     }
12. }
13.  
14. class AcceptAllCertificatesSignedWithASpecificKeyPublicKey : CertificateHandler
15. {
16.     protected override bool ValidateCertificate(byte[] certificateData)
17.     {
18.         return true;
19.     }
20. }

 

Has this problem been fixed for you yet?
I am beginning to do https web calls and I am not sure if UnityWebRequest would be ok for Android / iOS.

 

On my side even with the code for acceptallcertificates it's still failing on several devices with error 0. We also figured out that one Centos 7 WM allow use to reproduce issue 100% of time where android and PC are quite client random.

edit :
using UnityWebRequest.Post not GET
Unity 2019.2.0b7

 

We are actually having the same issue here, we are in the process of going through Unity 2017 to 2018 LTS on .Net 4.x and our Android Automation farm report the same error UnityWebRequest - Unable to complete SSL connection. We saw an increase of our user base having those kind of error since our rollout that we had to halt.

Any update or clue on this?

 

My previous post was very detailed as to how to reproduce this bug. We're still experiencing this issue, and growing frustrated with unity support because they closed my bug report.

https://forum.unity.com/threads/uni...ete-ssl-connection.566380/page-2#post-4660274

Support request: https://fogbugz.unity3d.com/default.asp?1160563_hvkotq133vn17e2r

 

I've just stumbled across this thread trying to figure out why I am getting a 403 from a call to UnityWebRequest to simply download a text file from an HTTPS address, the same address my browser has no difficulty accessing.

So is my issue the same as this thread topic? And if so....its this problematic to download just a text file?

 

Thanks, found out it was as you say a missing credentials!

 

Just adding that I've experienced this same issue with some of my users. (I'm using Unity 2018.4.5f1).

Interested in the solution so reduce my support requests

 

I've submitted a Feedback hub issue for Hololens here: https://aka.ms/AA5r902 (please upvote!)

 

I'm using WWW and sending an API request. The response JSON has an array of 39 elements. Even in the editor I'll able to view only half of the JSON and not completely. It's throwing the error unable to complete SSL connection. Even in the editor.

 

@Tautvydas-Zilys do you have an update on when the fix will be available?

 

@Tautvydas-Zilys I appreciate that. If you have any rough ETA, that would be great.

In case the ETA is longer than a week, is there any recommended workaround for the moment? We are currently upgrading to prepare for HL2 and therefore need to use 2018.4 (or higher). We've switched to http for testing purposes but can't test the full system since some urls we are calling we don't control (and therefore can't use http with them).

The workarounds I've personally read about involve ServicePointManager which is not available on HoloLens.

 

hi.
i was working on an unity project and i have a problem with paypal api calls. i found that the next code is working ok in unity 2017.1.2 but when i ported my project to unity 2018.2.8f1 it begun to give the error: "Unable to complete SSL connection" on the following method:

Code (CSharp):

1.     IEnumerator MakePayAPIcall() {
2.  
3.         Dictionary<string,string> headers = new Dictionary<string, string >();
4.  
5.         headers.Add("Accept","application/json");
6.         headers.Add("Accept-Language","en_US");
7.         headers.Add("Authorization","Basic " + System.Convert.ToBase64String(System.Text.Encoding.ASCII.GetBytes( clientID + ":" + secret)));
8.  
9.         WWWForm postData = new WWWForm();
10.  
11.         postData.AddField("grant_type", "client_credentials");
12.  
13.         string endpointURL = StoreProperties.INSTANCE.isUsingSandbox () ?
14.             "https://api.sandbox.paypal.com/v1/oauth2/token" :
15.             "https://api.paypal.com/v1/oauth2/token";
16.  
17.         WWW www = new WWW(endpointURL, postData.data, headers);
18.  
19.         Debug.Log("Making call to: " + endpointURL);
20.  
21.         yield return www;
22.  
23.         //if ok response
24.         if (www.error == null) {
25.             Debug.Log("WWW Ok! Full Text: " + www.text);
26.             handleSuccessResponse (www.text);
27.  
28.         } else {
29.             Debug.Log("WWW Error: "+ www.error);
30.             handleErrorResponse (www.text, www.error);
31.         }  
32.     }

Like i said it works without problem in unity 2017.1.2f1. it seems like is an unity error. i want to know if somebody has found a solution for that problem.
Thanks in advance.

 

Sorry by the double post, but really i am very interested in find a solution for this problem, and i did read that unity will correct it in the 2018.4 release. my question is will that correct the problem using WWW objects like showed in my previous post ? or only will correct the problem using unitywebrequest ?.
Thanks in advance.

 

Hi.

My target platform is pc (pc, mac and linux standalone)

 

Our client is built with 2018.4.6f1 LTS and we're still experiencing loads of Unable to complete SSL connections every day across all platforms. Here are SSL errors we've seen from our users in only the past 12 hours. Our user base is mostly Android so the error rates are proportional:


@Aurimas-Cernius @Tautvydas-Zilys
What are your recommendations?

 

Actually Yesterday I am working with inserting data in my site. It is working fine and good. Today itself i have received the error .WW Error: Unable to complete SSL connection

Code (csharp):

1.  
2.   public string Str_Insert = "https://www.oursite.com/PHPInsert22.php";
3.  public void PUB_Insert()
4.     {
5.         WWWForm form = new WWWForm();
6.         form.AddField("ID", Str_ID);
7.         form.AddField("Name", Str_ChildName);
8.         form.AddField("School", Str_School);      
9.  
10.         WWW nnn = new WWW(Str_Insert, form);
11.         StartCoroutine(PUB_InsertingData(nnn));
12.     }
13.  
14.     public IEnumerator PUB_InsertingData(WWW www)
15.     {
16.         yield return www;
17.         WWWForm form = new WWWForm();
18.         if (www.error == null)
19.         {
20.             STR_Result = "Inserted";
21.         }
22.  
23.         else
24.         {
25.             STR_Result = "Error";
26.             Debug.Log("WWW Error: " + www.error);
27.         }
28.  
29.     }
30.  

What is the exact solution for this problem...