I have a project which I built on linux and it works as expected. When I try to build a version for windows it does not work at all. I set up debugging on windows and the issue is with ssl.
The project accesses external urls entered by the user. It uses both HttpClient and XDocument.Load and in both cases I get
System.Net.WebException: Error: TrustFailure
with a bunch of inner exceptions terminating at
Ssl error:1000007d:SSL routines😮PENSSL_internal:CERTIFICATE_VERIFY_FAILED
at /root/mono-6.12.0.182/external/boringssl/ssl/handshake_client.c:1132

I don't even really need http encryption for the project so this is doubly frustrating as I can not see any way to turn it off. I am using the latest stable build downloaded today from the official website. The issues occur on windows while running from the editor as well as in exported versions of the project (at least I assume the error is the same).

All the discussion I can find on the web about this error assumes a huge amount of understanding about how ssl certificates work, which I do not have. A lot of it also assumes I have access to change the server certificate, which is nonsense as a) I don't and b) the server certificate is fine, these are big commercial websites with millions of users.

Is there anything I can do or are http requests just not supported in godot on windows?

Is this a new install of Windows? Which version? Most likely it means the root certificates on the system are old or expired. This could also be in the browser. So make sure you update everything (and if you are running an old unsupported version of Windows, it might be a good ideal to test Windows 10 or 11). Also, check the system clock. If the system clock is off, or in the wrong timezone, it can cause certificate validation to fail.

    cybereality Its windows 10 pro, up to date, installed about 18 months ago.
    If it were the windows certificates wouldn't the browser have the same errors? Or do browsers not use the main windows certificate store?

      If you are making HTTP requests from Godot (not HTML5) then it won't use the browser. But it does access the root certificates on the OS. If you have Windows 10, you should be fine. Especially if you did Windows Update already. Though, at this point, I would wonder about the SSL cert on the external server. That one also needs to be valid. You should test on your machine with a variety of URLs (there are free servers to get the date and other things like that) to make sure it's working.

        cybereality I have tried that, I tested it with reddit, Al Jazeera English and a German news website called taz.de
        All of them gave me the same error

          I just tested it with the url to this thread and got the same. If this is not a known issue that everyone is experiencing, there must be some issue in my code, or in the way I have set up godot. So to approach the question from a different angle, what could I have done that might break ssl certificate resolution?

          I am running through jetbrains rider to debug, but I get the same error when I run it from the editor. I am using c# and the specific request that is failing is HttpClient.GetAsync(url)

          Hmm I was just looking again for similar issues in the issue tracker and I noticed godot has its own httpclient implementation. I will see if it works with that

          I tried it with HTTPClient (the base client HTTPRequest uses) and it just returns 301 for every request. I imagine this has the same root cause as my previous error but I have no way to be sure. Do you think I might have better luck on the issue tracker?

          You sure your own system firewall isn't blocking your connections?

          I know that code works, so it must be something else.

          So I made a temp demo project and copied the code from both the HTTPRequest and HTTPClient tutorials in. The Former fails to connect and just gets stuck in an endless loop. The latter works perfectly.
          I would rather not have to do deal with using a node and signals in something that I had architected as a singleton service, but I guess it is what it is.

          I am going to report a bug anyway because it would be nice to have more support for these other classes. Even if the issue is just that the tutorials are out of date or something.

          Edit: I unmarked this as the answer, it could work in a lot of cases but there are a lot of dotnet libraries that use HttpClient as their basis for communicating with the internet and for people that need one of those libraries the built in Godot one will not fix the problem.

          Future readers: Using the HTTPRequest node appears to work and gets around these issues.

          You can also check the status of these two bug reports:
          https://github.com/godotengine/godot/issues/65722
          https://github.com/godotengine/godot/issues/65723
          To see if there is any workaround, fix or explanation regarding the two httpclient implementations

          I still think it might be an issue local to the network settings on the machine, but I don't use C#. I have made HTTPRequests in GDScript, copied from the page I linked to, and I know that works.

            cybereality That is a definite possibility. I will update this thread if it turns out to be the case. There was another computer it wasn't working on, but I was not able to debug there and see details so I cant be sure.

              cybereality Could you do me a huge favour? I realised how much work it is going to be to convert to HTTPRequest because I will have to rewrite the libraries I am using as well. You can check if HttpClient is failing bacause of my machines configuration by going to this project:

              https://github.com/Dunkhan/GodotHttpBug
              Download it
              Uncomment the line marked "HttpClient (dotnet)"
              comment out the other test lines
              Run the program

              If anyone else could test this for me that would be extremely helpful.

                Maybe I can check tomorrow. It's late here and C# isn't setup on this machine.