GodotNuts / GodotFirebase

Implementations of Firebase for Godot using GDScript
MIT License

[BUG] _do_handshake: TLS handshake error: -9984 and then Invalid operands 'String' and 'int' in operator '!=' #305

Closed IntegralPilot closed 2 years ago

IntegralPilot commented 2 years ago

Describe the bug: I am behind a school WiFi network that signs their own SSL certificates. When I run my code I see this: (image) And then this: (image) And it doesn't look like GodotFirebase does anything meaningful.

To Reproduce: Connect to a WiFi network that signs their own SSL certificates. Run this after installing the GodotFirebase extension:

    Firebase.Auth.login_anonymous()
    var collection : FirestoreCollection = Firebase.Firestore.collection("leaderboards")
    collection.get("TestDocument")
    var document : FirestoreDocument = yield(collection, "get_document")
    print(document)

Expected behavior: It should sign in anonymously and then fetch the /leaderboards/TestDocument document.

Screenshots: Added above

Environment:

Additional context: I think this is all I need but am happy to provide more error info.

If this is intended behaviour, is there a way to trust certificates or just turn off SSL verification (this is a project, I don't really care about person-in-the-middle attacks)?

Thank you for making this amazing repo and for reading through my issue and have a great day, Kotlin_for_win

IntegralPilot commented 2 years ago

Hi! @BearDooks I've seen you solve some Firestore issues before. I was just wondering if you could please help out with this. Thank you for making such a great repo, it allows me to use my favourite cloud service on my favourite game engine and is fantastic!

BearDooks commented 2 years ago

Hey @Kotin-for-win, I was just reading up on this. I need to see if I can find that error in the documents somewhere, but best guess is the school WIFI is brokering the SSL connection for you and for some reason they are not trusting the connection, or Google does not like the man in the middle.

If you test this outside of this network does it work fine?

IntegralPilot commented 2 years ago

Yes, it does. Thank you so much for your help.

IntegralPilot commented 2 years ago

Do you know if there is a workaround, or will I have to only work on non-school WiFi? Thanks again, Kotlin-for-win

IntegralPilot commented 2 years ago

@BearDooks , I just discovered that I get _do_handshake: TLS handshake error: -9984 when I try and download the export templates within the Godot Editor. I think the error must have something to do with Godot's internal web request handler, and it not liking the self-signed SSL certificates. Do you know if it is possible to turn off this SSL certification or trust my IT Department's certificate within Godot Engine? Or is it possible for this to be disabled by calling a GDScript web request differently in GodotFirebase?

Thank you so much for helping out!

IntegralPilot commented 2 years ago

It's all resolved! Sorry for wasting your time @BearDooks. I did some more research and found that this was indeed an issue with Godot's internal web request handler. I followed this tutorial to import my IT Department's certificate into Godot's trust store, and everything works great now. In case anyone encountering this issue finds this, I resolved this issue by following these steps (WINDOWS):

  1. Go to a website like google.com in Chrome while connected to your company/school WiFi.
  2. Press the padlock -> Connection is secure -> Certificate is valid
  3. In the window that appears, navigate to Certification Path
  4. You will see three certificates, press the top one and then 'view certificate'
  5. Go to details, then Copy to File
  6. Continue with default settings and save as DER blah blah (.CER)
  7. Once you see 'the export was successful', go to the folder where you saved the file.
  8. Change it from blah.cer to blah.crt
  9. Copy it to your project's res:// directory
  10. In Godot editor go to Project -> Project Settings
  11. Search for SSL
  12. On certificates press the little file icon
  13. Then select blah.crt
  14. And everything should work!

fenix-hub commented 2 years ago

As a side note: since it's related to HTTP, one thing that could be tested is running the project while the certificate is untrusted, and setting the HTTPRequest Node policies to NOT verify SSL. For example, here https://github.com/GodotNuts/GodotFirebase/blob/601d974ed268e96556e1ea0e8210e2a060cfc895/addons/godot-firebase/auth/auth.gd#L215 the third parameter, which is true, should be set to false, and then trying to execute such function

EDIT errata, ssl_validate_domain will validate the remote domain you are connecting to, but the issue is the Relying Party itself (you). So your solution is the official one and should be applied in this specific case (unless your IT department decides to buy a certificate from a CA)
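
Added example, not part of the thread and not GodotFirebase code: a Godot 3 GDScript probe that leaves certificate validation on and reports a TLS handshake failure explicitly, so a missing CA in the trust store shows up as a clear message instead of a later type error. The probe URL and the handler name `_on_probe_completed` are assumptions made for illustration.

```gdscript
# Added example for Godot 3.x; not code from GodotFirebase.
extends Node

# Assumption: any HTTPS endpoint the project talks to works as a probe target.
const PROBE_URL := "https://firestore.googleapis.com/"

func _ready() -> void:
	# An empty value means Godot's built-in CA bundle is in use.
	var bundle := str(ProjectSettings.get_setting("network/ssl/certificates"))
	if bundle.empty():
		print("CA bundle: Godot built-in")
	else:
		print("CA bundle: ", bundle)

	var http := HTTPRequest.new()
	add_child(http)
	http.connect("request_completed", self, "_on_probe_completed", [http])
	# Third argument is ssl_validate_domain; it stays true.
	var err := http.request(PROBE_URL, [], true)
	if err != OK:
		push_error("Probe could not start, error %d" % err)
		http.queue_free()

func _on_probe_completed(result: int, response_code: int,
		_headers: PoolStringArray, _body: PoolByteArray,
		http: HTTPRequest) -> void:
	http.queue_free()
	if result == HTTPRequest.RESULT_SUCCESS:
		# Any HTTP status here means the certificate chain was accepted.
		print("TLS handshake OK, HTTP status %d" % response_code)
	elif result == HTTPRequest.RESULT_SSL_HANDSHAKE_ERROR:
		# The situation in this issue: the chain ends in a CA that is
		# not in the configured bundle (for example a network's own root).
		push_error("TLS handshake failed: issuing CA is not trusted. " +
				"Check Project Settings -> SSL -> Certificates.")
	elif result == HTTPRequest.RESULT_CANT_RESOLVE \
			or result == HTTPRequest.RESULT_CANT_CONNECT:
		push_error("Network problem before TLS (result %d)" % result)
	else:
		push_error("Request failed with result %d" % result)
```

In Godot 3 a non-empty `network/ssl/certificates` value overrides the built-in Mozilla bundle, so run the probe both on and off the inspecting network before exporting the project with that setting.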

BearDooks commented 2 years ago

@Kotin-for-win you didn't waste time. Glad it worked out. Sorry it was late for me last night and I ended up falling asleep.

Is it ok if I take your fix and add it to the wiki?

IntegralPilot commented 2 years ago

@BearDooks - Thanks for helping out even though it was late at night for you. Yes, of course you can put it on the Wiki, I hope some other people can find the resolution for this issue as well. Thanks also to @fenix-hub , that's a great solution also, I think his solution should also be put on the Wiki if that is OK.

Have a great day and thank you again all so much for this great repository, Kotlin-for-win

IntegralPilot commented 2 years ago

*I think step 8 should be 'rename the file from blah.cer to blah.crt' to emphasize that it is just renaming, and no file converter is needed.