I got the weirdest behavior. My app uses a backend system that worked fine up until it gives this error.
This error is given when logging in. I send a unique device ID to the backend, the backend returns success or fail and the relevant credentials to start the session.
The weird part is that this error only happens on some Android devices. The unique ID I send to the backend is the IMEI number on Android. On PC, the backend works fine and also on some Android devices. I have not seen posts about Curl error 60, only Curl error 51.
The error means that it fails to establish a secure connection because of an expired certificate. If it happens only on some devices, it most likely means that the root certificate expired and was replaced by a new one, but some devices have an out-of-date certificate store that only has the old (expired) certificate.
For info, not so long ago the Let’s Encrypt root certificate expired, leading to plenty of people getting this kind of error.
Unfortunately, the only ways around this are either getting certificates on device update or using custom certificate validation.
I am getting this error on one device only but not on any others. The SSL certificates are fine.
What could be the reason for that?! (it is Android 7.0!)
If custom certificate validation is required, it is a bit of a change…!
This is a “Let’s Encrypt” certified site - if a different provider is used will it back-fix it?
It says here: Certificate Compatibility - Let's Encrypt
that “Android >= 7.1.1 (but Android >= 2.3.6 will work by default due to our special cross-sign)” but my guess is the ‘special cross-sign’ not working?!
But note that the web domains work on the Android device’s browser - it is only a Unity app making requests to the domain that fails - so it seems like Unity’s certificate handling could be better?!
Various Android devices have a problem with out-of-date certificate stores, and the Let’s Encrypt root certificate did expire not so long ago, so if a device does not have a renewed one, it will not work.
My guess is that the web browser does not use the device store, but rather has its own. Unity uses certificates from the device.
I also had this issue with some Android devices, but only with the ones with modified OS.
I had this exception on a device on which the IMEI was changed, and because of that the Samsung cloud was blocked.
A workaround for this exception is to send the request over HTTP, not over HTTPS.
But we should keep in mind the risk that comes with using HTTP over HTTPS (Security, Data Integrity, Compliance).
If you are not sending the request using UnityWebRequest, the exception might look like:
TlsException: Handshake failed - error code: UNITYTLS_INTERNAL_ERROR, verify result: UNITYTLS_X509VERIFY_FLAG_NOT_TRUSTED
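
The custom certificate validation mentioned in the replies above, sketched as an added example that is not part of any post in this thread: a `CertificateHandler` that accepts the server only when its public key matches a pin shipped with the app, so the request stays on HTTPS even when the device's certificate store is out of date. The class names, the pin values and the URL are placeholders, not values from the thread.

```csharp
using System;
using System.Collections;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using UnityEngine;
using UnityEngine.Networking;

// Hypothetical handler: the accept/reject decision is made here, against pins bundled with the app.
public class PinnedKeyCertificateHandler : CertificateHandler
{
    // Placeholders: SHA-256 (hex) of the bytes returned by X509Certificate.GetPublicKey()
    // for the current server key and for a backup key kept ready for rotation.
    private static readonly HashSet<string> PinnedKeyHashes =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "<SHA256_HEX_OF_CURRENT_PUBLIC_KEY>",
            "<SHA256_HEX_OF_BACKUP_PUBLIC_KEY>",
        };

    protected override bool ValidateCertificate(byte[] certificateData)
    {
        try
        {
            var cert = new X509Certificate2(certificateData);
            DateTime now = DateTime.Now; // NotBefore/NotAfter are reported in local time
            if (now < cert.NotBefore || now > cert.NotAfter) return false; // reject expired certs
            using (var sha = SHA256.Create())
            {
                byte[] digest = sha.ComputeHash(cert.GetPublicKey());
                return PinnedKeyHashes.Contains(BitConverter.ToString(digest).Replace("-", ""));
            }
        }
        catch (Exception) { return false; } // fail closed on unparsable certificate data
    }
}

public class LoginRequestExample : MonoBehaviour
{
    IEnumerator Start()
    {
        using (var req = UnityWebRequest.Get("https://backend.example/login")) // placeholder URL
        {
            req.certificateHandler = new PinnedKeyCertificateHandler();
            yield return req.SendWebRequest();
            Debug.Log(req.error ?? req.downloadHandler.text);
        }
    }
}
```

A certificate renewal that generates a new key pair invalidates the pin, so the backup pin has to ship in an app release before the server key is rotated.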