Using Unity from app to access our netlify site gives ssl problems

JakobJJ · December 2, 2021, 12:44pm

I know that this is not a Unity forum but I have asked unity aswell and still waiting for a reply. But still wanted to know if we are doing something wrong on our netlify side. Is there a domain/certification setting we are missing?

We are using Unity when creating a android app. We have our site located on netlify. But when trying to use functions from the site or even just trying to do a simple get from our main site
https://www.pluggamedbilder.se through our android app or from unity editor it gives me this error in Unity. And as a sidenote it even gives me this error if im trying to get from https://www.netlify.com.

Curl error 60: Cert verify failed: UNITYTLS_X509VERIFY_FLAG_USER_ERROR1
SSL CA certificate error

I know unity accepts up to SSL1.2.

The code im running to test this with looks like this in Unity C#

using System.Collections;
using UnityEngine;
using UnityEngine.Networking;

public class TLSTesting : MonoBehaviour
{
void Start()
{
StartCoroutine(“WebTest”);
}

IEnumerator WebTest()
{
    string url = "https://www.pluggamedbilder.se";

    Debug.Log(url);
    var request = new UnityWebRequest(url);//Making a simple get request

    yield return request.SendWebRequest();

    if (request.result == UnityWebRequest.Result.ConnectionError)
    {
        Debug.Log("CONNECTION ERROR");
        Debug.Log(request.error);
    }
    else if (request.result == UnityWebRequest.Result.ProtocolError)
    {
        Debug.Log("PROTOCOL ERROR");
        Debug.Log(request.error);
    }
    else if (request.result == UnityWebRequest.Result.DataProcessingError)
    {
        Debug.Log("DATA PROCESSING ERROR");
        Debug.Log(request.error);
    }
}

}

marcus · December 2, 2021, 1:14pm

This might be related to outdated root certificates loaded by the Unity SDK.

Let’s Encrypt published a blog post about one of the intermediates expiring: Extending Android Device Compatibility for Let's Encrypt Certificates - Let's Encrypt

There are 2 choices:

Use a TLS client that accepts expired intermediates (default for old Android devices)
Use a CA root chain that contains the certs to verify the newer Let’sEncrypt Intermediate

JakobJJ · December 2, 2021, 5:41pm

Thanks for the suggestions. I will look into it. It is just frustrating because it should not be this complicated …

marcus · December 2, 2021, 10:25pm

I have never heard of this specific problem before. I’m willing to dig into this with you if that means that future customers will be able to learn from what we dig up.

I expect you’re able to load the site fine in a browser on that device?
Can you gather more details about the HTTP/TLS client that Unity is using?
How does the client load the CA certificates?
Have you tried using some other HTTP client instead?

I found these docs, but am not sure what to make of it: Unity - Scripting API: Networking.UnityWebRequest.certificateHandler

Most of the search result for that Curl error point me to outdated or missing CA roots: link 1 link 2 link 3

Looks like you also posted on the Unity forums? https://forum.unity.com/threads/webrequest-fails-with-curl-error-60-cert-verify-failed-unitytls_x509verify_flag_user_error1.1206283/

JakobJJ · December 2, 2021, 11:55pm

That would be great if we could solve this.

The site loads fine in a browser and on browser on the device. But as soon as i try to do a get from my unity game it does not work.
What i can see Unity is using up to TLS1.2
Not sure.(Will try to find out)
I have tried .Net http client and Unitys but dont think it is much of a different between them. There seems to be some other http clients that one can purchase on the Unity assetstore.

The CertificateHandler found this :

“Usually Unity would handle the certificate automatically and validate it against known root certificates or ignore them completely depending on the platform:”

have tried to use it but to no awail.

marcus · December 3, 2021, 11:16am

Are you able to try your game on a different platform, e.g. your desktop? Does it work there?

The key to solving this likely is to find out what CA roots this client uses.

WoodsFiend · February 18, 2022, 8:58pm

This issue has been happening for us as well when trying to download images from Netlify in our Unity game. This happens when we test both in Editor and Windows builds. I have tried every solution suggested in Unity forums to no avail.

Here is a simple Unity Project that shows the issue GitHub - WoodsFiend/ImageDownloadTest: Unity Project to test downloading image

This began several months ago and I believe has something to do with the certificate chain.

hrishikesh · February 19, 2022, 5:57pm

Hey @WoodsFiend,

Based on the thread above, the error is because of Unity and not Netlify. You might have to reach them for assistance.