Skip to content

Enable SSL certificate verification for PlayFab API requests#200

Merged
rgomez391 merged 1 commit into
mainfrom
raulgomez/fix-ssl-verifypeer-62661974
Jun 26, 2026
Merged

Enable SSL certificate verification for PlayFab API requests#200
rgomez391 merged 1 commit into
mainfrom
raulgomez/fix-ssl-verifypeer-62661974

Conversation

@rgomez391

Copy link
Copy Markdown
Contributor

Summary

Enables TLS certificate verification for all PlayFab API requests in the C++ GSDK.

Previously, CURLOPT_SSL_VERIFYPEER was set to false in PlayFabHttp.cpp, disabling SSL certificate verification for every PlayFab API call. This exposed the developer's secret API key and all API traffic to man-in-the-middle (MITM) interception. The disabling was a temporary workaround (// TODO: Replace this with a ca-bundle ref???) that was never resolved.

Fix

Set CURLOPT_SSL_VERIFYPEER to true, matching the resolution already shipped in the sibling SDK PlayFab/XPlatCppSdk. CURLOPT_SSL_VERIFYHOST remains at its secure default (2).

Testing

  • Configured and built the C++ GSDK with CMake (VS 2022 / MSVC) — compiles cleanly, no new warnings or errors.

Notes

  • After this change, debugging proxies like Fiddler will no longer transparently intercept these calls unless their root cert is trusted by the system — this is the intended, secure behavior.

Resolves AB#62661974

CURLOPT_SSL_VERIFYPEER was set to false, disabling TLS certificate verification for all PlayFab API requests and exposing the secret API key and traffic to man-in-the-middle attacks. Set it to true to match the upstream XPlatCppSdk fix. Resolves AB#62661974.

@tculotta tculotta left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@rgomez391 rgomez391 merged commit f881377 into main Jun 26, 2026
2 checks passed
@rgomez391 rgomez391 deleted the raulgomez/fix-ssl-verifypeer-62661974 branch June 26, 2026 16:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants