Certificate Validation | Thumprint Whitelisting

Does Udon/VRChat have a way to validate a certificate of a web request? I’m assuming that any trusted certificate on your own computer is counted by VRChat. But are we able to trust a website based on it’s certificate thumbprint? (Thumbprint whitelisting)

Probably not from within the app. But what would be the use case, is it to load an api call for a video or an image?

If so wouldn’t installing the certificate onto your machine be enough?

An stringloading request. Someway to validate the information in the request, maybe even encrypt it.

Well. Your trafic is encrypted when using https, so if you have a custom certificate, you’d need to install it on the user’s machine I guess.

And for validation of origin, maybe if you could get your hands on vrchat server IP list to white-list the origin of requests.

I’m not very sure of what is your need or issue.

Yeah, this is what I needed. It’s more validating the certificate of github/pastebin/etc. Would have been interesting if there was a way.

Could you be more precise and add details ?

What certificate are you talking about. The CA validating HTTPS for Github or Pastebin are installed on all users machines already, I’d imagine it could be an issue if you talked about custom issues certificate.

What is that thing that you need to validate that isn’t already? Do you get an error when you try to communicate with those URLs?

From this thread I suspect that if I want access to patreon only features in a world I could redirect a site like pastebin to a different server, and as long as I add the correct cert so my local PC will connect to the different server, all will be well.

This article mentions intermediate pinning, which is the concept they’re interested in