koobas.hobune.stream
UnityWebRequests constantly fail with 'SSL CA certificate error' on the HoloLens 2 device (UWP build) when accessing API hosted on Azure
Question
Am I missing something obvious, or should I submit an issue?
Description
When trying to communicate with an API hosted on Azure (.NET based) the requests work well in the Unity Editor, but, when deployed on device (HoloLens 2), the requests fail with the error message mentioned in the title. The return code is 0, the result is a ConnectionError and the error message is 'SSL CA certificate error'.
Additional info
I have also made empty projects to verify that this is not an issue with my code and:
On Unity 2019.4.32f1. the requests work just fine.
On Unity 2020.3.25f1 and 2020.3.27f1 (which is the version I was primarily using), the requests always fail.
What I've also tried:Adding a custom CertificateHandler which accepts all certificates and including it in the UnityWebRequest object. I have also verified with debugging that the return statement is called in the custom handler, but this did not help with the issue.
Adding a callback to the System.Net.ServicePointManager.ServerCertificateValidationCallback, again accepting all certificates.
Different types of requests (POST, GET) - all end up with the same error.
Updating the device and Visual Studio dependencies (SDKs).
Additional notes:
I'm not able to share the URL of the Azure backend that I'm using.
The site's certificate is valid. The API can be opened and inspected through the Edge browser, on the HoloLens 2 device. I have also used other tools to verify this (e.g. https://dnschecker.org/ssl-certificate-examination.php).
The project settings in the different Unity versions used to verify the issue are absolutely the same. Same scripting backend, same API compatibility...
Might be related to the following forum post as the last comment (from mentalup, on Jan 10, 2022) is from a few weeks ago and mentions a similar issue: https://forum.unity.com/threads/unitywebrequest-report-an-error-ssl-ca-certificate-error.617521/
Other requests e.g. to https://google.com work just fine
Code Sample
Sample code that I used to check the requests:
private IEnumerator Test() {
var unityWebRequest = new UnityWebRequest(
url,
UnityWebRequest.kHttpVerbPOST);
unityWebRequest.SetRequestHeader("Content-Type", "application/json");
unityWebRequest.SetRequestHeader(apiHeaderName, apiHeaderValue);
unityWebRequest.downloadHandler = new DownloadHandlerBuffer();
unityWebRequest.uploadHandler =
new UploadHandlerRaw(Encoding.UTF8.GetBytes(body));
unityWebRequest.uploadHandler.contentType = "application/json";
yield return unityWebRequest.SendWebRequest();
var error = unityWebRequest.error;
}
Update 2022-02-06
Same requests work on Android builds (on device) on 2020.3.25f1 (presumably on 27f1 too).
I tried pinging a random azurewebsites site different than the one I'm using and the same issue persists on the HoloLens 2 device. The URL I pinged was https://coms.azurewebsites.net/SystemAdministration/Login (first site that popped up on the search engine).
Update 2022-02-09
Also tried adding the mscorlib (where it seems the issue comes from) to the link.xml assemblies that are ignored by the IL2CPP code stripping. No luck with that either.
Turned out it was a Unity bug and it has been fixed in Unity 2020.3.28f1 and some other patch versions. The issue mentioned in the release notes is a bit different, but I assume it's the same one that solved the one from this question: https://issuetracker.unity3d.com/issues/tlsexception-handshake-failed-error-when-uwp-build-configuration-is-set-to-release
I was having the same error using Unity 2020.3.24f1 for a UWP ARM64 Build for the HoloLens 2, against a CCD bucket. My initial solution was to move to a AWS S3 (publicly open) and replace the request's uri HTTPS to HTTP.
I updated to 2020.3.28f1 and my CCD requests now work on the device.
