Search Issue Tracker
Fixed in 2018.2.X
Votes
8
Found in
5.3.5p1
Issue ID
842830
Regression
No
UnityWebRequest does not indicate that a SSL certificate is invalid
Steps to reproduce:
1. Open the project.
2. Hit play
3. Notice there is a webpage output to the Debug.Log which includes:
<div id="content">
<h1 style="font-size: 12vw;">
expired.<br>badssl.com
</h1>
</div>
Reproduced with: 5.3.6p7, 5.4.2f1, 5.5.0b8
Expected: UnityWebRequest somehow recognises that the SSL certificate is invalid, e.g. with an error, or failing in some way
Comments (2)
Add comment
All about bugs
View bugs we have successfully reproduced, and vote for the bugs you want to see fixed most urgently.
Latest issues
- Texture2D hash changes inside of an AssetBundle when rebuilding a SpriteAtlas bundle with an empty AssetPostprocessor Script enabled
- Aniso Level still applies when Generate MipMap is disabled in Texture Import Settings
- Mipmap Limit Groups long names are not truncated when creating a new Mipmap Limit Group with a long name
- “ArgumentException: Invalid double parameter.” error is thrown when Infinity is typed into the Fixed Timestep field
- GameObject becomes gray when using HDRP and STP together on macOS
nikki_sh
Jun 07, 2017 02:57
@NPSKIR yes, the "- No way to just say "trust self-signed" certificates " bothers us
npskirk
Feb 20, 2017 21:40
Overall it just seems like SSL/TLS was not even considered in the design of the UnityWebRequest API.
Problems:
- No way to simply have a certificate as an asset of the project and then trust that certificate when making HTTPS requests
- No way to have your own signing certificates that establish a chain of trust that you make yourself
- No way to just say "trust self-signed" certificates
- SSL-related errors are all "unknown error"
There are dozens of gripes about this on the forums -- these problems affect real uses cases in both development and production.