Uniy 2018.2 Https webrequest failes on latest Hololens OS udpate

This is kind of a bad coincidence.
With 2018.2 Unity decided to support proper certificate validation, while Microsoft Updated their Hololens so with the latest OS version the local certificate store is broken, outdated, I don't know...

The result is: a https request fails as if you were on a different target platform and just returned false in the certificate handler.

Does anyone know how to force a Hololens to Update it's certificate store?
Or how to bypass the check in Unity? Overriding the Webrequest certificate handler is not supported on UWP...

I opened up case 1076758 last week , but I have not yet received an answer to this. It's probably completely on microsofts side...

 

@JasonCostanza yes, I also filed it here since that was where I was directed to from where they stated their knowledge about the bug. That's what they've written:

This is a tough one for our application. Would you mind updating me as soon as you know when this will be fixed or at least how to disable the check within Unity?

 

@JasonCostanza can you give me any update on the matter? Anyone I can contact too? Unfortunately this is a real breaker for my project.

 

@JasonCostanza I still appreciate the effort, thanks for doing it.

 

@Aurimas-Cernius thanks for asking this. I realized that it is possible to override the certificate handler on UWP when you do not use the encryption namespace. So I did that and just returned true. Despite the fact that this threw a NotImplementedException, the https request just worked.
This monday, it just started working again and I have not the slightest idea why.

 

@Aurimas-Cernius The error came back. I am loading an Image from our Website in our Unity app, which works on Desktop, Oculus Go and Mixed Reality Portal. It does not on the Hololens.
I have found no way to dig deeper into what certificates are allowed on the Hololens, how it's local certificate store looks like, if I could manually add certificates.... it just does not work.
Any news from the Devs you were talking about?

For recap:
I could override the Certificate handler to always return true, but that's not really secure now is it? I cannot add my certificate manually as the corresponding namespace is not available.
Edit: On Hololens I can not as the use of a certificate handler is not implemented.

 

@Aurimas-Cernius I found a workaround I would like to avoid.
When I visit each page in Microsoft's Edge browser, the certificates seem to get downloaded and I can use my app.
I'd rather do this within Unity. Is that possible?

 

Would be nice if Unity did this by default, I haven't found a way to do this from within Unity. Did you?

 

We're facing a similar issue. We need to visit our site in Edge to get things working. Are there any updates on this?

 

You are? That's nice to know. Will the final solution, whatever it will be, be posted here?

 

Is there any update on this? I'm also currently facing this issue while deploying to a HoloLens.

 

Hi there
Is it available in Unity 2019?

 

Nice, but now I have a new error message in the log.

Curl error 51: Cert verify failed: UNITYTLS_X509VERIFY_FLAG_NOT_TRUSTED
and then i have Unknown error (same as before)

I got my certificate with lets encrypt. Once i load the site in Edge on the Hololens, it is also working in the app.

Did you manage to have a https request in hololens working without first fetching the certificate in Edge?

 

I got this Curl error message in 2019.3.
Before I was using 2019.1, I only saw the Unknown error message (but i did not try to prefetch the certificate with Edge)
I've also tried 2020.1.0.a4 but I may have other migration issues, our app does not run.

 

What is the state of the fix in 2018? Is it in 2018.4.10f1?

 

@Tautvydas-Zilys using this thread as a good example:

Would it be possible to change how bug reports and their fixes are published to the community? I mean, there are public and private issues so you're not even able to view them all. Crawling all the release notes of every version is cumbersome because you don't even know how it's describe. Even in here, everybody is asking for when and where fixes land, generating unnecessary work. And on top of most of these, we might be waiting for several fixes, so we basically need to run our own excel sheet that points out which fixes went into what versions to find a version with the least common multiple.

Would it be possible to let users subscribe to bugs they need fixed, which in turn automatically provides them the version they's need to download to get to current most fixed state?

Asking about every fix every time, having access to the issue tracker or not, knowing the naming of a bug or not... that's quite tedious don't you think?

 

Same problem on 2019.2.17f1... Any solution?

 

Hello everyone. I have a workaround at least for 2019.2.0f

1. Create a class that inherits from UnityEngine.Networking.CertificateHandler

Code (CSharp):

1.  
2. using UnityEngine.Networking;
3. public class CertHandler : CertificateHandler
4. {
5.     protected override bool ValidateCertificate(byte[] certificateData)
6.     {
7.         return true;
8.     }
9. }
10.  

2. Add an object of this class to every UnityWebRequest object BEFORE sending.

Code (CSharp):

1.  
2. var req = UnityWebRequest.Get(url);
3. req.certificateHandler = new CertHandler();
4. req.SendWebRequest();
5.  

3. Celebrate victory

Hope this helps someone!

 

@Anagr you are awesome!!! This helped me tremendously. Thank God for you!!! Keep up the good work.

 

You are welcome

 

Just to be clear. This disables the certificate validation completely. Not something you would want, especially when you're communicating sensitive information.

 

Yep, suddenly. It is not a best way, and it does not work for Android builds when they running on devices/emulators

 

Tested with the latest 2019.3 and it works now without the Cert error!
I almost gave up on this weird bug.

 

Yeah and since HL1 is not available anymore and HL2 is about to replace it, hopefully this fixed more than just that bug on the HL1, otherwise I probably feel sorry for whoever fixed that

 

You are absolutely right and thanks for pointing that out. I will be enabling full certificate validation when it is on the device. I just needed it to work during the development phase.

 

Thank you

 

@Tautvydas-Zilys I'm also getting
Curl error 51: Cert verify failed: UNITYTLS_X509VERIFY_FLAG_NOT_TRUSTED

Unity version: 2019.4.5
Device OS: Android API-22 and below (Android 5.0.2 and below)
I
gnoring the certificate it's not an option for us, so I cannot support my product for devices with 5.0.2 and below... Do you know if there's any update on this part?

 

Thank you so much, @Anagr. I've been stuck on this problem for almost a week now and just stumbled upon this fix!

 

I have the same problem with the Hololens 1, could you give me more information on where and how to add these codes. Please.