Validating SSL/TLS certificate in Unity

Posted 2019-02-22 03:21

I have a problem with certificate validation in Unity. I'm using the .NET class HttpWebResponse to make requests and have provided a callback function to ServicePointManager.ServerCertificateValidationCallback.

The certificate is signed by an authority and works fine in a web browser.

The validation fails with the statuses X509ChainStatusFlags.PartialChain, X509ChainStatusFlags.RevocationStatusUnknown and X509ChainStatusFlags.OfflineRevocation.

The problem, as I see it, is an empty root certificate store and an empty CRL list. I opened the Mono source code and found that this data is supposed to be obtained from X509Store, but somehow it does not contain any root certificates or CRLs.

I need to implement correct validation of the certificate, not just skip it by returning true in ServerCertificateValidationCallback or hardcode the certificate's thumbprint, and to do that I need to provide all the required data.

Supposing that I know the root authority, I can add it to the store on application start. But this does not work for CRLs. The platform is Android/iOS.

The question is: how can I force Unity to install roots and CRLs?

Tags: ssl unity3d
1 answer
姐就是有狂的资本
Reply 2 · 2019-02-22 03:47

You can install a certificate via X509Store. The installation is persistent, so it only needs to be called once. According to X509Certificate2, you can create a cert from Base64 or DER bytes. It can be exported by openssl: openssl x509 -inform DER -in YOUR_ROOT_CER.cer -out YOUR_BASE64_PEM.pem.

using System.Security.Cryptography.X509Certificates;

// Adds a root certificate (DER or Base64 bytes) to the current user's Root store.
// The store is persistent, so this only needs to run once per installation.
private static void InstallCertificate(byte[] cert)
{
    X509Certificate2 certificate = new X509Certificate2(cert);
    X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadWrite);
    try
    {
        store.Add(certificate); // no-op if the same certificate is already present
    }
    finally
    {
        store.Close();
    }
}

Pay attention: StoreLocation.CurrentUser points to /data/data/<your.package.name>/.mono/ while StoreLocation.LocalMachine is /usr/xxx/.mono on Android.
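Installing the root into the Mono store, as the answer above does, still leaves the validation logic to the runtime, which on this platform reported PartialChain and the two revocation statuses. An alternative that does not depend on the system store at all is to build the chain yourself inside the ServerCertificateValidationCallback: hand the known root to X509Chain via ExtraStore, then check that the chain actually terminates at that root rather than trusting whatever the runtime happened to have. The code below is an added example, not code from the original question or answer; it assumes the application ships the DER bytes of its root CA (the `rootDer` parameter) and that the caller decides whether an unreachable CRL is acceptable (`tolerateOfflineRevocation`). Note that it treats PartialChain as fatal, so the server must send its intermediates (or you add them to ExtraStore as well), and that X509Chain behaviour under Unity's Mono profile should be verified on the target device before relying on it.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example: validates the server chain against a root CA shipped with the app,
// independent of the (possibly empty) Mono root store.
public sealed class PinnedRootValidator
{
    private readonly X509Certificate2 _root;
    private readonly bool _tolerateOfflineRevocation;

    // rootDer: DER bytes of the trusted root (assumption: embedded as a TextAsset or resource).
    // tolerateOfflineRevocation: accept RevocationStatusUnknown/OfflineRevocation when the CRL
    // cannot be fetched; false fails closed.
    public PinnedRootValidator(byte[] rootDer, bool tolerateOfflineRevocation)
    {
        _root = new X509Certificate2(rootDer);
        _tolerateOfflineRevocation = tolerateOfflineRevocation;
    }

    // Registers this validator for HttpWebRequest/HttpWebResponse traffic.
    public void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public bool Validate(object sender, X509Certificate certificate,
                         X509Chain ignoredChain, SslPolicyErrors sslPolicyErrors)
    {
        // A missing certificate or a hostname mismatch is never acceptable, whatever the chain says.
        if (certificate == null) return false;
        if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0) return false;
        if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0) return false;

        var leaf = new X509Certificate2(certificate);
        var chain = new X509Chain();
        // Make our root available to the chain builder without installing it anywhere.
        chain.ChainPolicy.ExtraStore.Add(_root);
        // Let Build() finish even though the root is unknown to the system store;
        // we verify the anchor ourselves below instead of trusting this flag.
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;

        chain.Build(leaf);
        if (chain.ChainElements.Count == 0) return false;

        // Statuses we are prepared to ignore; everything else (PartialChain, NotTimeValid,
        // Revoked, ...) is fatal.
        X509ChainStatusFlags allowed = X509ChainStatusFlags.UntrustedRoot;
        if (_tolerateOfflineRevocation)
        {
            allowed |= X509ChainStatusFlags.RevocationStatusUnknown
                     | X509ChainStatusFlags.OfflineRevocation;
        }
        foreach (X509ChainStatus status in chain.ChainStatus)
        {
            if ((status.Status & ~allowed) != X509ChainStatusFlags.NoError) return false;
        }

        // The chain must end at exactly our root, compared byte for byte (not by thumbprint
        // or subject name alone).
        X509Certificate2 anchor = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        return BytesEqual(anchor.RawData, _root.RawData);
    }

    private static bool BytesEqual(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

// Usage (assumption: rootCaDer holds the DER bytes of your root CA):
// new PinnedRootValidator(rootCaDer, tolerateOfflineRevocation: false).Install();
```

The UntrustedRoot status is deliberately ignored only because the final anchor comparison replaces it with a stronger check; if the server presents a chain to some other CA, that comparison fails regardless of what the store contains. Whether to pass `tolerateOfflineRevocation: true` is a policy decision: it keeps the app working when the CRL distribution point is unreachable from a mobile network, at the cost of accepting a certificate whose revocation status could not be determined.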
