Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Web Requests fail due to failure to validate certificate

See original GitHub issue

Unity 2017.1.0f3

Any attempt to get the package list causes the exception below. On project open, opening the explorer, and clicking refresh all result in the same.

The Exception:

System.Net.WebException: Error getting response stream (Write: The authentication or decryption has failed.): SendFailure ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server. Error code: 0xffffffff800b010a
  at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates (Mono.Security.X509.X509CertificateCollection certificates) [0x00000] in <filename unknown>:0 
  at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 () [0x00000] in <filename unknown>:0 
  at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00000] in <filename unknown>:0 
  at (wrapper remoting-invoke-with-check) Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
  at Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] in <filename unknown>:0 
  at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 
  --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 
  --- End of inner exception stack trace ---
  at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 
  at System.Net.HttpWebRequest.GetResponse () [0x00000] in <filename unknown>:0 
  at NugetForUnity.NugetPackageSource.GetPackagesFromUrl (System.String url) [0x0004b] in C:\Users\jowitt\Source\NuGetForUnity\Assets\NuGet\Editor\NugetPackageSource.cs:301 
UnityEngine.Debug:LogErrorFormat(String, Object[])
NugetForUnity.NugetPackageSource:GetPackagesFromUrl(String) (at Assets/NuGet/Editor/NugetPackageSource.cs:313)
NugetForUnity.NugetPackageSource:Search(String, Boolean, Boolean, Int32, Int32) (at Assets/NuGet/Editor/NugetPackageSource.cs:207)
NugetForUnity.NugetHelper:Search(String, Boolean, Boolean, Int32, Int32) (at Assets/NuGet/Editor/NugetHelper.cs:777)
NugetForUnity.NugetWindow:UpdateOnlinePackages() (at Assets/NuGet/Editor/NugetWindow.cs:279)
NugetForUnity.NugetWindow:OnEnable() (at Assets/NuGet/Editor/NugetWindow.cs:253)
UnityEditor.EditorWindow:GetWindow()
NugetForUnity.NugetWindow:DisplayNugetWindow() (at Assets/NuGet/Editor/NugetWindow.cs:117)

@alankemp gave me the quick fix to ignore the cert: In NugetPackageSource.cs, GetPackageFroUrl(string url), before the try/catch:

ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, errors) => true;

and hinted that the root cert of the system can be imported into Mono, which seems much safer.

Is this the suggested solution? Can we extend this tooling to support doing this?

Issue Analytics

State:
Created 6 years ago
Comments:7 (4 by maintainers)

Top GitHub Comments

2reactions

GlitchEnzocommented, Sep 19, 2017

I added the unsafe way for now, just to make it work: https://github.com/GlitchEnzo/NuGetForUnity/commit/ca9d63233c3e8e63409316793046e1f30b476282

1reaction

GlitchEnzocommented, Sep 19, 2017

No worries, I didn’t take any offense to your comment. I just realized I had only mentioned the unsafe option. I’d prefer a safer approach that didn’t allow everything, but I never got around to figuring out how best to do it.

Top Results From Across the Web

Security certificate validation fails - Windows Server

Cause. This issue occurs because the website certificate has multiple trusted certification paths on the web server.

Failed to Validate Certificate Error When Launching Oracle ...

The reason for this error is that Oracle Forms applications which are using the Certificate Revocation List (CRL) in Java are now getting ......

An invalid certification path error 500 occurs when ...

This is most likely due to a failed installation of the intermediate CA certificate. Solution. If you own the target server, reinstall the ......

A Simple Explanation of SSL Certificate Errors & How to Fix ...

An SSL certificate error occurs when a web browser can't verify the SSL certificate installed on a site. Rather than connect users to...

Never see "Certificate Validation Error" again

In most cases, the first attempt fails: ORA-29273: HTTP request failed ORA-29024: Certificate validation failure ORA-06512: at "SYS.UTL_HTTP", line 380.