SSL Certificate storage

Discussion in 'Editor & General Support' started by iivo_k, Dec 2, 2015.

  1. iivo_k

    I have a huge problem trying to use WebRequest or SslStream with HTTPS, namely that the SSL certificates are not recognized. I assume this is because Unity uses Mono, which in turn uses its own certificate storage instead of the system storage. Using the WWW class with an HTTPS address works, but that may just be ignoring the certificates totally and I need to do stuff in threads instead of coroutines anyway.

    Even contacting https://google.com/ doesn't work!

    Code (CSharp):
    using System.IO;
    using System.Net;
    using UnityEngine;

    // Per the post, this request fails with the TlsException quoted below.
    Debug.Log("Testing WebRequest");
    WebRequest req = WebRequest.Create("https://google.com/");
    WebResponse response = req.GetResponse();
    Stream stream = response.GetResponseStream();
    Debug.Log(new StreamReader(stream).ReadToEnd());
    This code results in
    TlsException: Invalid certificate received from server. Error code: 0xffffffff800b010a

    How do I fix this? I need to have working HTTPS connections to Google App Engine servers, which I currently cannot figure out how to do. Making the ValidateServerCertificate delegate ignore errors doesn't work; I still get an error saying authentication / decryption failed (and it would be bullshit to accept any cert anyway). I also don't think I should be manually adding / hardcoding certificates, since they may be changed at any time.

    Does anyone have any idea what to do? Who knows about this stuff on Unity's side?
     
  2. iivo_k

    Right, using

    Code (CSharp):
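    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;
    // Accepts every certificate: validation is skipped entirely.
    System.Net.ServicePointManager.ServerCertificateValidationCallback =
        delegate (object s, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        { return true; };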
    manages to skip the certificate check and allows the code to work. It's bullshit though, since ignoring the certificate check is not secure.

    So, how can the system root cert storage be used?
     
  3. iivo_k

    Please Unity, waiting for an answer. Created a bug report too (749579), but obviously no answer to that either.
     
  4. iivo_k

    Bump, anything official?
     
  5. orb

    I just tested that exact code in the editor on OS X, and it's not giving me the exception. There might be something weird with your network.
     
  6. iivo_k

    It's not about the network, I can replicate it both at home and at work. It's because Mono doesn't have a root certificate storage by default and it doesn't use the one that the OS has.
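
Added example, not part of any post in this thread and not Unity's or Mono's own code: a validation callback that, instead of returning true, rebuilds the chain against root CA certificates supplied by the application and accepts only chains ending in one of them. `BundledRootValidator` and `Install` are hypothetical names; it assumes the standard .NET `X509Chain` API is available on the target runtime and that the caller loads the root certificates.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example, not code from the thread; BundledRootValidator is a hypothetical name.
public static class BundledRootValidator
{
    // Assumption: root CA certificates shipped with the application and loaded by the caller.
    static readonly List<X509Certificate2> trustedRoots = new List<X509Certificate2>();

    public static void Install(IEnumerable<X509Certificate2> roots)
    {
        trustedRoots.AddRange(roots);
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    static bool Validate(object sender, X509Certificate certificate,
                         X509Chain presented, SslPolicyErrors errors)
    {
        // A missing certificate or a host name mismatch is never acceptable.
        const SslPolicyErrors fatal = SslPolicyErrors.RemoteCertificateNotAvailable
                                    | SslPolicyErrors.RemoteCertificateNameMismatch;
        if (certificate == null || (errors & fatal) != 0) return false;

        // Rebuild the chain, offering the bundled roots and the server's intermediates.
        X509Chain chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // revocation not checked here
        chain.ChainPolicy.ExtraStore.AddRange(trustedRoots.ToArray());
        if (presented != null)
            foreach (X509ChainElement element in presented.ChainElements)
                chain.ChainPolicy.ExtraStore.Add(element.Certificate);
        chain.Build(new X509Certificate2(certificate));

        // Tolerate only "root is not in the platform store"; expiry, bad signatures
        // and incomplete chains still fail.
        foreach (X509ChainStatus status in chain.ChainStatus)
            if (status.Status != X509ChainStatusFlags.NoError &&
                status.Status != X509ChainStatusFlags.UntrustedRoot) return false;

        // The chain must terminate in one of the bundled roots (exact DER match).
        if (chain.ChainElements.Count == 0) return false;
        string top = Convert.ToBase64String(
            chain.ChainElements[chain.ChainElements.Count - 1].Certificate.RawData);
        foreach (X509Certificate2 root in trustedRoots)
            if (Convert.ToBase64String(root.RawData) == top) return true;
        return false;
    }
}
```

Revocation is not checked in this sketch, and a chain that the platform store would trust is still rejected unless it ends in one of the supplied roots.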
     
  7. Deleted User
