Investigate adding config to disable SSL validation

[mikerochip]

Mono has a bug where no ssl validation callbacks are called for WebSockets.

References:

• https://issuetracker.unity3d.com/issues/mono-secure-websockets-connection-setup-with-a-self-signed-certificate
• https://stackoverflow.com/questions/60468250/system-net-websocket-clientwebsocket-with-self-signed-certificate
• mono/mono#8660
• https://forum.unity.com/threads/how-to-allow-self-signed-certificate.522183/

May need to replace usage of ClientWebSocket with a vendored copy of websocket-sharp

Maybe not possible for WebGL / pure JavaScript:

• https://security.stackexchange.com/questions/211618/bypassing-valid-certificate-requirement-for-websockets

[mikerochip]

Using websocket-sharp works for non-WebGL to bypass the mono bug where cert validation callbacks are not properly called. Experimental branch here.

There is no great workaround for JavaScript outside of using a Node websocket library with rejectUnauthorized: true.

This library may become become bloated with the inclusion of these two things. Will have to ponder this more.

[tmaxted]

Hi there, apologies for reviving this after almost a year!

Thank you very much for the references, they were very helpful.
I had this exact situation but actually managed to fix it by setting a custom ServicePointManager CertificatePolicy.
See gist for code snippets.

Hope this helps!

[mikerochip]

No need to apologize! I wish WebGL had a decent path to a solution, but at least with the technique you discovered I won't have to vendor websocket-sharp for the DotNet path. I really appreciate it, thank you!