By Design

Votes

0

Found in

2018.3.0f2

Issue ID

1115214

Regression

No

Error of TlsException when System.Net.Http.dll is used for HTTP in the editor

Scripting

-

To reproduce:
1. Open attached project
2. Open Sample scene
3. Press Play
4. Check the console for the error

Actual result: System.Net.Http.dll is throwing an error
Expected result: System.Net.Http.dll should not throw an error

Reproduced with: 2018.3.0b6; 2013.3.5f1; 2019.1.0b2; 2019.2.0a4
Can't test on 2017.4; 2018.2; 2018.3.0b5 due to errors

Error: TlsException: Handshake failed - error code: UNITYTLS_INTERNAL_ERROR, verify result: UNITYTLS_X509VERIFY_FLAG_NOT_TRUSTED

  1. Resolution Note (2019.2.X):

    `https://www.mocky.io` is misconfigured in that it only sends the leaf certificate but not any intermediate certificates. See: https://whatsmychaincert.com/?www.mocky.io

    Because most browsers cache intermediate certificates, they will still trust this server: they can establish a chain of trust using the cached (or otherwise retrieved) certificate.
    The same applies to Microsoft's .NET/.NET Core implementation. However, other applications like curl will fail to connect to the server just as Unity does (note that the curl version preinstalled on recent Windows 10 versions will connect just fine, but a new one from https://curl.haxx.se/windows/ won't).

    We may be able to solve this issue by doing the verification via the system-specific TLS API instead of using OpenSSL/MbedTLS to validate against root certificates as we do today. However, this solution would not work cross-platform, so we don't want to implement it today: it would hide the misconfigured server from the user on some but not all platforms.

    To work around the issue at hand, you can set your own verification callback via `System.Net.ServicePointManager.CertificatePolicy`. Sadly, Mono today implements neither `HttpClientHandler.ClientCertificates` nor `HttpClientHandler.ServerCertificateCustomValidationCallback`.
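
One way to write such a verification callback without accepting every certificate, as an added example that is not Unity's code or code from this page: it keeps the normal verdict and overrides only a chain-building failure, and only when the server's leaf certificate matches a hash pinned in advance. The class name `PinnedTlsValidation` and the pin values are hypothetical placeholders; the example uses `ServicePointManager.ServerCertificateValidationCallback`.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (hypothetical class name, placeholder pins); not Unity's code.
public static class PinnedTlsValidation
{
    // SHA-256 (hex) of the DER-encoded leaf certificates you expect.
    // Placeholders: list the current certificate and its planned successor.
    static readonly HashSet<string> PinnedLeafSha256 =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "<SHA256-HEX-OF-CURRENT-LEAF>",
            "<SHA256-HEX-OF-NEXT-LEAF>",
        };

    // The callback is process-wide: install it once at startup,
    // before the first HttpClient/HttpWebRequest call.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate cert,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // Normal validation succeeded: nothing to override.
        if (errors == SslPolicyErrors.None) return true;

        // Only a chain-building failure (e.g. a missing intermediate or a
        // self-signed local certificate) may be overridden. A name mismatch
        // or a missing certificate is always rejected.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors || cert == null)
            return false;

        // Accept only if the presented leaf is one we pinned in advance.
        return PinnedLeafSha256.Contains(Sha256Hex(cert.GetRawCertData()));
    }

    static string Sha256Hex(byte[] data)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(data)).Replace("-", "");
    }
}
```

That Unity's Mono reports the missing-intermediate failure as `RemoteCertificateChainErrors` alone is an assumption; if it reports other flags, this callback fails closed. The pins have to be updated whenever the server's certificate is renewed.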

Comments (4)

  1. roar1827

    Apr 26, 2020 01:08

    Hi @ksakins - where did you apply that line of code? Thank you for your help - this has been a big rabbit trail for us trying to figure out what this issue was!

  2. ksakins

    Jan 23, 2020 00:44

    I ran into this issue calling a locally running ASP.NET Core API from Unity using HttpClient. The resolution note pointed me in the right direction.

    Adding the following, while maybe not suitable for all cases, worked for me:

    System.Net.ServicePointManager.ServerCertificateValidationCallback = (message, cert, chain, sslPolicyErrors) => true;

    Again, my game is calling a local web service that will be running on the user's machine, so I'm not as concerned about security issues.

  3. Nixdesign

    Dec 04, 2019 17:40

    Unity 2019.2.11f1

    "Curl error 35: Handshake failed. UnityTls error code: 7"

    I solved the problem by updating all the packages in the package manager ...

  4. Rem777

    Dec 02, 2019 10:40

    Same error on 2019.2.12f1

    "Curl error 35: Handshake failed. UnityTls error code: 7"

    Honestly, from the information above I do not understand how to fix this error.
