Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.3k views
in Technique[技术] by (71.8m points)

unity3d - UnityWebRequest change to https

I had working infrastructure of unity android app and site api working under http.

Recently I have switched the server and applied ssl certificate. Now my api is under https.

In unity app I'm using UnityWebRequest to communicate with my api. The logical change after switching to https will be changing all api addressees within the app from http to https. I did this, but my api is behaving weirdly. (Giving my own error status as a response all the time, whereas giving good response on old server without certificate.)

Is there anything extra I need to change with the switch to https?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Usually Unity would handle the certificate automatically and validate it against known root certificates or ignore them completely depending on the platform:

UnityWebRequest.certificateHandler:
Setting this property to null makes the platform use the default certificate validation. Some platforms will validate certificates against a root certificate authority store. Other platforms will simply bypass certificate validation completely.

Using a self-signed certificate, however, will fail if Unity decides for the first.


So, for https with a self-signed certificate you might have to implement a CertificateHandler that implements the method ValidateCertificate.

You could either simply bypass the certificate by accepting them all (which is easier but ofcourse would make the https kind of pointless)

public class BypassCertificate : CertificateHandler
{
    protected override bool ValidateCertificate(byte[] certificateData)
    {
        //Simply return true no matter what
        return true;
    }
} 

Or try this example from the docs with your public key

// Based on https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#.Net
class AcceptAllCertificatesSignedWithASpecificPublicKey : CertificateHandler
{
    // Encoded RSAPublicKey
    private static string PUB_KEY = "30818902818100C4A06B7B52F8D17DC1CCB47362" +
        "C64AB799AAE19E245A7559E9CEEC7D8AA4DF07CB0B21FDFD763C63A313A668FE9D764E" +
        "D913C51A676788DB62AF624F422C2F112C1316922AA5D37823CD9F43D1FC54513D14B2" +
        "9E36991F08A042C42EAAEEE5FE8E2CB10167174A359CEBF6FACC2C9CA933AD403137EE" +
        "2C3F4CBED9460129C72B0203010001";

    protected override bool ValidateCertificate(byte[] certificateData)
    {
        X509Certificate2 certificate = new X509Certificate2(certificateData);

        string pk = certificate.GetPublicKeyString();

        return pk.Equals(PUB_KEY));
    }
}

And add it to your request

using(var www = UnityWebRequest.Get("https://example.com"))
{
    //www.certificateHandler = new BypassCertificate();
    // Or
    www.certificateHandler = new AcceptAllCertificatesSignedWithASpecificPublicKey();

    yield return www.SendWebRequest();
    
    //...
}

Note: Custom certificate validation is currently only implemented for the following platforms - Android, iOS, tvOS and desktop platforms.

So on Android you should be fine.

The CertificateHandler is by default automatically disposed together with the UnityWebRequest so there is no more to do.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...