I am trying to ignore SSL security VERIFYPEER. I need something like PHP have CURLOPT_SSL_VERIFYPEER I did search on web got many answer but nothing work i am trying to login in Instagram using C# unity. I try to create self certification but it was not work. if it is possible try to help me.

using UnityEngine.Networking;
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Net.Security;

public static bool Validator(object sender, X509Certificate certificate, X509Chain chain,
                          SslPolicyErrors sslPolicyErrors)
    return true;

    ServicePointManager.ServerCertificateValidationCallback = Validator;

    List<IMultipartFormSection> formData = new 
    formData.Add(new MultipartFormDataSection(data));

    UnityWebRequest www = 
 UnityWebRequest.Post("https://i.instagram.com/api/v1/", formData);
    www.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
    www.SetRequestHeader("User-Agent", ua);
    yield return www.SendWebRequest();

    if (www.isNetworkError || www.isHttpError)
        Debug.Log(www.error); // Getting Bad Request

1 Answers

derHugo On

You habe to implement a custom CertificateHandler and overwrite ValidateCertificate

e.g. from the API

// Based on https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#.Net
public class AcceptAllCertificatesSignedWithASpecificKeyPublicKey : CertificateHandler
    // Encoded RSAPublicKey
    private static string PUB_KEY = "30818902818100C4A06B7B52F8D17DC1CCB47362" +
        "C64AB799AAE19E245A7559E9CEEC7D8AA4DF07CB0B21FDFD763C63A313A668FE9D764E" +
        "D913C51A676788DB62AF624F422C2F112C1316922AA5D37823CD9F43D1FC54513D14B2" +
        "9E36991F08A042C42EAAEEE5FE8E2CB10167174A359CEBF6FACC2C9CA933AD403137EE" +

    protected override bool ValidateCertificate(byte[] certificateData)
        X509Certificate2 certificate = new X509Certificate2(certificateData);
        string pk = certificate.GetPublicKeyString();
        if (pk.Equals(PUB_KEY))
            return true;

        // Bad dog
        return false;

Or simply

public class AcceptAllCertificates : CertificateHandler
    protected override bool ValidateCertificate(byte[] certificateData)
        return true;

And than add it to your request like

www.certificateHandler = new AcceptAllCertificates();


www.certificateHandler = new AcceptAllCertificatesSignedWithASpecificKeyPublicKey();