Reputation: 236
Problems arose when trying to make HTTPS calls with the HttpWebRequest class and getting back TlsException: Invalid certificate received from server. Error code: 0xffffffff800b010a when trying to GetRequest(), which also re-throws later as "The authentication or decryption has failed."
So going off of this link http://www.mono-project.com/docs/faq/security/ and various questions on SO (which are all from 2013 or earlier...), I've concluded that the issue is that Mono does not have root certificates installed by default. The FAQ points to either using a newer version of Mono (3.1), which is impossible since Unity is still on a 2.x version of Mono, or using the mozroots.exe file to load the certificates.
But I'm not sure how to run mozroots on a Mac for development, or include the certificates in a project so that when I build for Android it includes the certs for the phone's use.
Also, most people recommend overriding ServicePointManager.ServerCertificateValidationCallback to return true, but this effectively bypasses the SSL validation, which is not acceptable. If anyone can point us in the right direction as to a procedure for either using the pre-installed phone certs that the OS normally uses with HttpWebRequest, or importing the certs from the phone/project to the Mono cert store, that would be greatly appreciated.
Upvotes: 3
Views: 1845
Reputation: 4932
As you know, Mono doesn't contain root CA certs. A workaround is to install root certs from the Android system.
The following code snippet can fetch all CA issuers on an Android device:
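import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Initialise the TMF with a null KeyStore so it uses the system default trust store
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init((KeyStore) null);
TrustManager[] trustManagers = tmf.getTrustManagers();
final X509TrustManager x509Tm = (X509TrustManager) trustManagers[0];
// Trusted certificate issuers (the device's root CAs)
X509Certificate[] issuers = x509Tm.getAcceptedIssuers();
for (X509Certificate issuer : issuers) {
    // DER-encoded certificate bytes; getEncoded() throws CertificateEncodingException
    byte[] caCert = issuer.getEncoded();
}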
For passing the byte[] from Android to the C# interface, you can refer to this.
For how to install a cert into the Mono environment, you can refer to this answer, which is mainly based on X509Store.
Note the cert encoding format and the store path (StoreLocation.CurrentUser).
Upvotes: 1
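An added example, not part of the answer above and not Unity or Mono project code: the C# side of the workaround, importing the DER bytes returned by getEncoded() into an X509Store so that the default certificate validation stays enabled. The class name DeviceRootImporter, the choice of StoreName.Root, and the rule of accepting only self-issued, currently valid certificates are assumptions; the answer itself names only X509Store and StoreLocation.CurrentUser.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class DeviceRootImporter // hypothetical helper name
{
    // derCerts: one DER-encoded certificate per element, as produced by
    // X509Certificate.getEncoded() on the Android side.
    // Returns the number of certificates newly added to the store.
    public static int Import(IEnumerable<byte[]> derCerts)
    {
        int added = 0;
        // Assumption: StoreName.Root is the trust-anchor store to fill.
        X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadWrite);
        try
        {
            // Snapshot of what is already installed, used to skip duplicates.
            X509Certificate2Collection known = store.Certificates;
            foreach (byte[] der in derCerts)
            {
                X509Certificate2 cert;
                try { cert = new X509Certificate2(der); }
                catch (CryptographicException) { continue; } // not a parseable certificate

                if (!IsUsableRoot(cert, DateTime.Now)) continue;
                if (known.Contains(cert)) continue;
                store.Add(cert);
                known.Add(cert);
                added++;
            }
        }
        finally { store.Close(); }
        return added;
    }

    // Accept only self-issued certificates inside their validity period,
    // so an intermediate or expired entry is never promoted to a trust anchor.
    static bool IsUsableRoot(X509Certificate2 cert, DateTime now)
    {
        if (cert.Subject != cert.Issuer) return false;
        return now >= cert.NotBefore && now <= cert.NotAfter;
    }
}
```

Call Import once at startup, before the first HttpWebRequest, and leave ServicePointManager.ServerCertificateValidationCallback unset so chain validation still runs against the imported roots.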