- Home /
crossdomain.xml not working with ssl and facebook canvas
My app has a facebook canvas version at apps.facebook.com/fizzpoints.
The unity3d file is hosted at www.fizzpoints.com.
The app makes API calls to development.fizzpoints.com.
My app and API calls work fine on my tests with Android. They also work in the editor when the build settings are set to webplayer, which I understand to be emulating the same security policy as the actual webplayer.
However, in the facebook canvas, they don't work. I get the following error (I have some of this information because I installed the logviewer http://www.dreammakersgroup.com/products-2/unity3d-in-game-logs/).
NotSupportedException: https://development.fizzpoints.com/api/users/adminmessage //same for my other endpoints as well System.Net.WebRequest.GetCreator(System.String prefix) System.Net.WebRequest.Create(System.Uri requestUri) System.Net.WebRequest.Create(System.String requestUriString)
That is one of my endpoints, but it works fine in the editor with webplayer selected, as do all my other endpoints.
I followed the directions in the debugging section of this resource (http://docs.unity3d.com/Manual/SecuritySandbox.html) to see my logs. In the editor, even though the API calls work, I do get an error.
CheckingSecurityForUrl: https://development.fizzpoints.com/api/users/fblogin CheckingSecurityForUrl: https://development.fizzpoints.com/crossdomain.xml ERROR building certificate chain: System.ArgumentException: certificate ---> System.Security.Cryptography.CryptographicException: Unsupported hash algorithm: 1.2.840.113549.1.1.12 at Mono.Security.X509.X509Certificate.VerifySignature (System.Security.Cryptography.RSA rsa) [0x00000] in :0
at Mono.Security.X509.X509Certificate.VerifySignature (System.Security.Cryptography.AsymmetricAlgorithm aa) [0x00000] in :0 at System.Security.Cryptography.X509Certificates.X509Chain.IsSignedWith (System.Security.Cryptography.X509Certificates.X509Certificate2 signed, System.Security.Cryptography.AsymmetricAlgorithm pubkey) [0x00000] in unknown>:0 at System.Security.Cryptography.X509Certificates.X509Chain.Process (Int32 n) [0x00000] in unknown>:0 at System.Security.Cryptography.X509Certificates.X509Chain.ValidateChain (X509ChainStatusFlags flag) [0x00000] in :0 at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x00000] in unknown>:0 --- End of inner exception stack trace --- at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x00000] in unknown>:0 at System.Net.ServicePointManager+ChainValidationHelper.ValidateChain (Mono.Security.X509.X509CertificateCollection certs) [0x00000] in unknown>:0 Please, report this problem to the Mono team
According to this resource (http://msdn.microsoft.com/en-us/library/ff635603.aspx), algorithm 1.2.840.113549.1.1.12 is sha384RSA, but my certificate issuer (Comodo) assures me that the only possible algorithm used was SHA256 (presumably algorithm 1.2.840.113549.1.1.11).
Subsequent calls to the same and other endpoints do not result in an error, just the single line:
CheckingSecurityForUrl: https://development.fizzpoints.com/api/users/adminmessage
Additional Info As you may have noticed, I'm making my calls with the HTTPWebRequest class. I'm not using unity's WWW class because I need to be able to change request headers, which, if it is possible, eluded me when I experimented with the class.
My SSL configuration file on my server contains the following 2 lines:
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
Are any of those directives causing trouble for Unity?
Answer by jvaughan22 · Jul 08, 2015 at 07:40 AM
I've seen similar certificate problems:
http://forum.unity3d.com/threads/https-x509-certificate-sha-2-signature-problems-on-ios.339163/
Your answer
Follow this Question
Related Questions
Facebook Post to wall FB.Feed issue in Unity Facebook SDK 1 Answer
UnityWebRequest ContentType not Overriding 4 Answers
Error using Facebook API to get user's birthday (given key not present in dictionary) 1 Answer
How to use YoLo AR screenshots Share facebook 0 Answers
Can't Send a form to a server(POST) due to CORS error in a WEBGL build 1 Answer