Search Unity

  1. Unity support for visionOS is now available. Learn more in our blog post.
    Dismiss Notice

UnityWebRequest - Unable to complete SSL connection

Discussion in 'Editor & General Support' started by TitanUnity, Oct 8, 2018.

  1. BestHTTP

    BestHTTP

    Joined:
    Sep 11, 2013
    Posts:
    1,661
    @jotamaza @NakOhz

    The download speed now should be about the same as a native implementation since v2.2.0.

    By default the plugin accepts all certificates, but by using the TLS Security Addon you have full control over TLS certificate validation and what certificates (root and intermediate) you want to trust.

    As a plus, both the plugin and addon has the very same behavior on all supported platforms (except under WebGL where the plugin can be only a wrapper over XmlHTTPRequest), no additional setting or workaround needed for various platforms.
     
  2. Alexander21

    Alexander21

    Joined:
    Dec 14, 2015
    Posts:
    302
    Past Few Days the error Comes again. Whats the reason....Some times i cant connect to the database even net is working.

    Did i want change something in code or in SSL certificates?
     
  3. ina

    ina

    Joined:
    Nov 15, 2010
    Posts:
    1,075
    Experiencing this issue randomly in cases of posting both an audio file and image to server. It seems to work sometimes but not other times. Server SSL passes the usual SSL online tests. Unity 2020.1.14f1 iOS

    V2021-03-06 23:54:43.875617-0800 appname[6231:1594419] [tcp] tcp_output [C27.1:3] flags=[R.] seq=400190022, ack=457886080, win=2048 state=CLOSED rcv_nxt=457886080, snd_una=400190022

    2021-03-06 23:54:43.876132-0800 appname[6231:1594419] Connection 27: received failure notification

    2021-03-06 23:54:43.876210-0800 appname[6231:1594419] Connection 27: failed to connect 3:-9816, reason -1

    2021-03-06 23:54:43.876241-0800 appname[6231:1594419] Connection 27: encountered error(3:-9816)

    2021-03-06 23:54:44.026903-0800 appname[6231:1593593] [boringssl] boringssl_context_handle_fatal_alert(1763) [C34.1:2][0x14c668640] read alert, level: fatal, description: protocol version

    2021-03-06 23:54:44.027445-0800 appname[6231:1593593] [boringssl] boringssl_session_handshake_incomplete(90) [C34.1:2][0x14c668640] SSL library error

    2021-03-06 23:54:44.027503-0800 appname[6231:1593593] [boringssl] boringssl_session_handshake_error_print(41) [C34.1:2][0x14c668640] Error: 5545878584:error:1000042e:SSL routines:OPENSSL_internal:TLSV1_ALERT_PROTOCOL_VERSION:/Library/Caches/com.apple.xbs/Sources/boringssl/boringssl-351.40.2/ssl/tls_record.cc:592:SSL alert number 70

    2021-03-06 23:54:44.027560-0800 appname[6231:1593593] [boringssl] nw_protocol_boringssl_handshake_negotiate_proceed(767) [C34.1:2][0x14c668640] handshake failed at state 12288: not completed

    2021-03-06 23:54:44.028065-0800 appname[6231:1593593] Connection 34: received failure notification

    2021-03-06 23:54:44.028146-0800 appname[6231:1593593] Connection 34: failed to connect 3:-9836, reason -1

    2021-03-06 23:54:44.028177-0800 appname[6231:1593593] Connection 34: encountered error(3:-9836)

    2021-03-06 23:54:44.028979-0800 appname[6231:1593593] Task <8513830E-7B7C-4C71-B959-003189769A30>.<18> HTTP load failed, 0/0 bytes (error code: -1200 [3:-9836])
     
  4. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    3,703
    This looks like connection issue? Are you on Wi-Fi?
     
  5. cmersereau

    cmersereau

    Joined:
    Nov 6, 2020
    Posts:
    52
    My team and I are experiencing some irregular issues as described in the OP. Our difficulty is that the error is being produced through a Unity developed SDK, the Player Identity package. So it is a system that is totally out of our control to debug and fix. Not sure if there are any dots that can be connected internally for Unity between this post and the development team, but it would be great for this to be resolved in a package that you yourselves have made.
     
  6. ebelkin

    ebelkin

    Joined:
    Jan 17, 2018
    Posts:
    1
    In our case the server-side certificate did not contain full chain of trust. Some clients could build that chain, and some could not. Try to Google "ssl chain of trust" and see how you can alter your server-side certificate to include it. Hope this helps.
     
  7. peterfiftyfour

    peterfiftyfour

    Joined:
    Jan 8, 2016
    Posts:
    20
    Hey all, I have been getting this same error "unable to complete SSL connection" using unity 2020.3.5f1 and trying to access a site hosted on Netlify. It should be easy to reproduce - if you create a new site from git on netlify then go into unity and try access it with something like this (just using the default netlify provided url you dont need a custom domain):

    Code (CSharp):
    1.     private IEnumerator Request()
    2.     {
    3.         using (UnityWebRequest req = UnityWebRequest.Get("https://....."))
    4.         {
    5.             yield return req.SendWebRequest();
    6.  
    7.             while (!req.isDone)
    8.             {
    9.                 yield return null;
    10.             }  
    11.  
    12.             byte[] result = req.downloadHandler.data;
    13.         }
    14.     }
    You should get the error. It will always fail to get any result :(

    This is not happening in 2019.2.5f1 with the exact same setup

    Not sure if this will help identify the issue but I'd love to know how to fix it in 2020.x

    Also the trick of setting the validator to always return true does not work :'(
     
  8. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    3,703
    When accessing Nelify site in the browser I see that it uses TLS 1.3. Unity only supports up to TLS 1.2, so if that site does not have a fallback, Unity won't be able to access it.
     
  9. peterfiftyfour

    peterfiftyfour

    Joined:
    Jan 8, 2016
    Posts:
    20
    Since it's working in unity 2019.2.5f1 that must count for something though right?
     
  10. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    3,703
    IIRC 2019.2 did not perform any validation, just ensured the encryption is correct. But yes, that sounds like something to look into. Could you report a bug for it?
     
  11. ioesten

    ioesten

    Joined:
    Feb 19, 2018
    Posts:
    14
    Has a bug been reported?
    Am experiencing the same issue with netlify calls, but only started recently without change of Unity version (2020.2.1f1). Code that worked fine in the past has this month stopped working and giving us "Unable to complete SSL connection", log file shows "Curl error 35: Handshake did not perform verification. UnityTls error code: 7"
     
    Mage-Co likes this.
  12. MonsW

    MonsW

    Joined:
    Feb 4, 2019
    Posts:
    11
    Hi I hope the topic is still kinda active, I am hitting a similar issue at the moment. Working on a standalone windows .exe using Unity 2018.4.36f1 LTS.

    Code (CSharp):
    1.     // Based on https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#.Net
    2.     class AcceptAllCertificatesSignedWithASpecificKeyPublicKey : CertificateHandler
    3.     {
    4.  
    5.         // Encoded RSAPublicKey
    6.         private static string PUB_KEY = "XXXXXXXXXXXXX";
    7.  
    8.         protected override bool ValidateCertificate(byte[] certificateData)
    9.         {
    10.             X509Certificate2 certificate = new X509Certificate2(certificateData);
    11.             string pk = certificate.GetPublicKeyString();
    12.  
    13.             Debug.Log(pk);
    14.             if (pk.ToLower().Equals(PUB_KEY.ToLower()))
    15.             {
    16.                 Debug.Log("match");
    17.                 return true;
    18.             }
    19.             return false;
    20.         }
    21.     }  
    22.  
    23. IEnumerator httpWebRequest()
    24.     {
    25.         {
    26.             WWWForm formData = new WWWForm();
    27.             formData.AddField("username", "test");
    28.             formData.AddField("password", "test");
    29.             UnityWebRequest www = UnityWebRequest.Post("https://........", formData);
    30.             www.certificateHandler = new AcceptAllCertificatesSignedWithASpecificKeyPublicKey();
    31.  
    32.             www.chunkedTransfer = false;
    33.             yield return www.SendWebRequest();
    34.  
    35.             if (www.isNetworkError || www.isHttpError)
    36.             {
    37.                  UnityEngine.Debug.Log("error " + www.error.ToString());
    38.             }
    39.             else
    40.             {
    41.                 UnityEngine.Debug.Log(www.downloadHandler.text);
    42.             }
    43.         }
    44.  
    45.         yield return null;
    46.     }
    My CertificateHandler does return true but I get afterwards: "Unable to complete SSL connection".
     
  13. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    3,703
    Does the same happen if you use newer Unity version?
    Unfortunately, 2018.4 is no longer supported.
     
  14. MonsW

    MonsW

    Joined:
    Feb 4, 2019
    Posts:
    11
    My project cannot be moved to a further version of Unity at the moment, too many things would break. I am trying to work around the issue an implement things directly using System.net but Unity throws me exceptions that don't come up in a native c# app.

    Code (CSharp):
    1. httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, sslPolicyErrors) => {
    2.                     if (sslPolicyErrors == SslPolicyErrors.None)
    3.                     {
    4.                         return true;   //Is valid
    5.                     }
    6.                     if (cert.GetCertHashString().ToLower() == "XXXXXXXXXXX")
    7.                     {
    8.                         return true;
    9.                     }
    10.                     return false;
    11.                 };
    12.  
    NotImplementedException: The method or operation is not implemented. System.Net.Http.HttpClientHandler.set_ServerCertificateCustomValidationCallback
     
  15. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    3,703
    I understand that. I mean just extracting the UnityWebRequest code and using it in new project made using latest Unity. That may give you a more descriptive error, that could help with your issue even on older version.
    BTW, are you using self-signed certificate or some other reason for custom validation?
     
  16. MonsW

    MonsW

    Joined:
    Feb 4, 2019
    Posts:
    11
    Yes it is self signed which is hwy I made a custom valisation. In anycase even when returning true all the time, I get those errors. I have tried on Unity 2020, I get this:

    Curl error 60: Cert verify failed: UNITYTLS_X509VERIFY_FLAG_UNKNOWN_ERROR


    and

    error SSL CA certificate error
     
  17. TheFellhuhn

    TheFellhuhn

    Joined:
    Feb 3, 2017
    Posts:
    42
    This worked for me:

    Code (CSharp):
    1. var certificate = new X509Certificate2(certificateData);
    2. string pk = certificate.GetPublicKeyString();
    3. if (pk == AcceptedKey) return true;
    4.  
    5. var ce = new X509Certificate2(Convert.FromBase64String(pem));
    6. var ce2 = new X509Certificate2(Convert.FromBase64String(pem2));
    7. X509Chain chain = new X509Chain(true);
    8. chain.ChainPolicy.ExtraStore.Add(ce);
    9. chain.ChainPolicy.ExtraStore.Add(ce2);
    10. chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
    11. chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
    12. bool okay = chain.Build(certificate);
    13. if (okay) AcceptedKey = pk;
    14. return okay;    
    15.  
    It is important to use the correct PEMs etc though.
     
  18. MonsW

    MonsW

    Joined:
    Feb 4, 2019
    Posts:
    11
    Thanks for showing what works for you but I am not sure where this fit. Does this go into a custom certificate handler? I don't understand why my current handler would raise errors (even when forcing it to return true).

    Am I supposed to download the .pem and pack them into my software?


    EDIT: Getting a closer look at your code, I am still going out of the Validate function at pk == acceptedKey because it is true and it still raises UNITYTLS_X509VERIFY_FLAG_UNKNOWN_ERROR .
    The issue happens even if my certification handler returns true.
     
    Last edited: Dec 2, 2021
  19. TheFellhuhn

    TheFellhuhn

    Joined:
    Feb 3, 2017
    Posts:
    42
    The pem are integrated into the software. Downloading them isn't really viable as you most likely can't reach the servers you would host them on. ;)

    The code is the ValidateCertificate function of a custom CertificateHandler. It gets added to each web request via
    Code (CSharp):
    1. request.certificateHandler = new CustomCertificate();
    (pk == acceptedKey) should only be true if the validation was successful once so that you don't have to go through the whole function with each web request. If it is true during your first call then GetPublicKeyString returns an empty string and something else is wrong.

    EDIT: And the acceptedKey is of course static so that each certificate handler instance shares one value
     
    Last edited: Dec 2, 2021
  20. cmersereau

    cmersereau

    Joined:
    Nov 6, 2020
    Posts:
    52
    Just now saw your response. This is way after the fact, but as I mentioned in my comment the code was not our code. It was a call from a Unity built SDK hitting a Unity server. So there wasn't anything for my team to address, as we weren't in charge of the certificates :/
     
  21. Ark_Tarusov

    Ark_Tarusov

    Joined:
    Jun 24, 2016
    Posts:
    20
    Hello! Could you provide any news on this matter? Is there a link to the bug tracker?
     
  22. MrG

    MrG

    Joined:
    Oct 6, 2012
    Posts:
    363
    Is this still broken in Unity 2020.3.29?
     
  23. EyeDev44

    EyeDev44

    Joined:
    Apr 8, 2017
    Posts:
    149
    Reproduces in Unity 2021.3.12f
     
  24. Coderious

    Coderious

    Joined:
    Mar 28, 2020
    Posts:
    26
    Happened to 1 user (potentially a second one but not confirmed) out of a few hundreds players on Unity 2021.3.23f1