I am trying to ignore SSL security VERIFYPEER. I need something like PHP have CURLOPT_SSL_VERIFYPEER I did search on web got many answer but nothing work i am trying to login in Instagram using C# unity. I try to create self certification but it was not work. if it is possible try to help me.

using UnityEngine.Networking;
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Net.Security;

public static bool Validator(object sender, X509Certificate certificate, X509Chain chain,
                          SslPolicyErrors sslPolicyErrors)
{
    return true;
}

    ServicePointManager.ServerCertificateValidationCallback = Validator;

    List<IMultipartFormSection> formData = new 
 List<IMultipartFormSection>();
    formData.Add(new MultipartFormDataSection(data));

    UnityWebRequest www = 
 UnityWebRequest.Post("https://i.instagram.com/api/v1/", formData);
    www.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
    www.SetRequestHeader("User-Agent", ua);
    yield return www.SendWebRequest();

    if (www.isNetworkError || www.isHttpError)
    {
        Debug.Log(www.error); // Getting Bad Request
    }
    else
    {
        Debug.Log(www.downloadHandler.text);
    }

1 Answers

0
derHugo On

You habe to implement a custom CertificateHandler and overwrite ValidateCertificate

e.g. from the API

// Based on https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#.Net
public class AcceptAllCertificatesSignedWithASpecificKeyPublicKey : CertificateHandler
{
    // Encoded RSAPublicKey
    private static string PUB_KEY = "30818902818100C4A06B7B52F8D17DC1CCB47362" +
        "C64AB799AAE19E245A7559E9CEEC7D8AA4DF07CB0B21FDFD763C63A313A668FE9D764E" +
        "D913C51A676788DB62AF624F422C2F112C1316922AA5D37823CD9F43D1FC54513D14B2" +
        "9E36991F08A042C42EAAEEE5FE8E2CB10167174A359CEBF6FACC2C9CA933AD403137EE" +
        "2C3F4CBED9460129C72B0203010001";

    protected override bool ValidateCertificate(byte[] certificateData)
    {
        X509Certificate2 certificate = new X509Certificate2(certificateData);
        string pk = certificate.GetPublicKeyString();
        if (pk.Equals(PUB_KEY))
            return true;

        // Bad dog
        return false;
    }
}

Or simply

public class AcceptAllCertificates : CertificateHandler
{
    protected override bool ValidateCertificate(byte[] certificateData)
    {
        return true;
    }
}

And than add it to your request like

www.certificateHandler = new AcceptAllCertificates();

or

www.certificateHandler = new AcceptAllCertificatesSignedWithASpecificKeyPublicKey();