Verifying SSL \ TLS Certificate in Unity

I have a problem with certificate verification in Unity. I'm using the .NET class HttpWebResponse to make requests and providing a ServicePointManager.ServerCertificateValidationCallback callback function.

The certificate is signed by an authority and works fine in a web browser.

Status check failed: X509ChainStatusFlags.PartialChain X509ChainStatusFlags.RevocationStatusUnknown X509ChainStatusFlags.OfflineRevocation

The problem, as I see it, is the empty root certificate store and the empty CRL list. I opened the Mono source code and found that this data should be obtained from the X509Store, but somehow it does not contain any root certificates or CRLs.

I need to perform correct verification of the certificate, not just skip it by returning true in the ServerCertificateValidationCallback or hardcoding the certificates' fingerprints, and for this I need to provide all the necessary data.

Assuming I know the root authority, I can add it to the store when the application starts. But this does not work for CRLs. Platform: Android / iOS.

Question: how can I force Unity to install roots and CRLs?

1 answer

You can install the certificate through the X509Store. The installation is persisted, so you only need to call it once. Per X509Certificate2, create a certificate from Base64 or DER bytes. It can be exported using openssl: openssl x509 -inform DER -in YOUR_ROOT_CER.cer -out YOUR_BASE64_PEM.pem

 using System.Security.Cryptography.X509Certificates;

 // Adds a root CA to the per-user Root store so the Mono chain builder can find it.
 // The store is persisted on disk, so this only has to run once.
 private static void InstallCertificate(byte[] cert)
 {
     // cert holds the DER (or Base64 PEM) bytes of the root certificate.
     X509Certificate2 certificate = new X509Certificate2(cert);
     X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
     store.Open(OpenFlags.ReadWrite);
     store.Add(certificate);
     store.Close();
 }

Note that StoreLocation.CurrentUser points to /data/data/<your.package.name>/.mono/ and StoreLocation.LocalMachine to /usr/xxx/.mono on Android.

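As an added example (not part of the question or the answer above), a ServerCertificateValidationCallback that performs the real check the question asks for without returning true and without touching the store: it supplies the app's bundled root through X509Chain.ChainPolicy.ExtraStore and requires the built chain to terminate in exactly that root. The class and method names, and that the root's DER bytes are handed in by the app (for instance from a TextAsset), are assumptions; since no CRL data is available on these platforms, revocation is deliberately left unchecked instead of surfacing as RevocationStatusUnknown.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Validates the server chain against a root CA the app ships itself, so the empty
// Mono store on Android/iOS no longer matters. Assumed API: Install() is called once
// at startup with the DER bytes of the root (for example a TextAsset's bytes).
public static class PinnedRootValidator
{
    private static X509Certificate2 trustedRoot;

    public static void Install(byte[] trustedRootDer)
    {
        trustedRoot = new X509Certificate2(trustedRootDer);
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate cert, X509Chain platformChain, SslPolicyErrors errors)
    {
        // A hostname mismatch or missing certificate cannot be fixed by supplying roots.
        if (cert == null ||
            (errors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0 ||
            (errors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
            return false;

        var chain = new X509Chain();
        // Provide the issuer ourselves instead of relying on the (empty) Root store.
        chain.ChainPolicy.ExtraStore.Add(trustedRoot);
        // The root is not in the system store, so UntrustedRoot is expected; the anchor
        // is verified by thumbprint below rather than by store membership.
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
        // No CRL is available offline (RevocationStatusUnknown / OfflineRevocation in the
        // question), so revocation is not checked here. Every other error fails closed.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

        chain.Build(new X509Certificate2(cert));

        foreach (X509ChainStatus status in chain.ChainStatus)
        {
            if (status.Status != X509ChainStatusFlags.NoError &&
                status.Status != X509ChainStatusFlags.UntrustedRoot)
                return false;   // e.g. PartialChain, NotTimeValid, NotSignatureValid
        }

        // The chain must end in exactly the root we bundled, not merely "some" root.
        X509Certificate2 top = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        return string.Equals(top.Thumbprint, trustedRoot.Thumbprint, StringComparison.OrdinalIgnoreCase);
    }
}
```

Call PinnedRootValidator.Install(rootAsset.bytes) once before the first HttpWebRequest; if the root is rotated, the app has to ship the new certificate, which is the usual trade-off of pinning a trust anchor.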

Source: https://habr.com/ru/post/983904/
