by Liquid_Fire 2581 days ago
The Battle.net launcher uses Qt, and they already have a macOS version of it, so it shouldn't be too difficult to port.

Edit: That said, it's not like the lack of Unity Editor on Linux was stopping them from having a Linux version of Hearthstone. It has been possible to target Linux for years.

2 comments

One simple example: battle.net installs its own root certificate to the OS trust store. How do you do that for Linux? There are plenty of distributions with different rules. That would be some work.

> How do you do that for Linux?

Varies by distro. For example, on my CentOS 7 desktop just now:

  $ cat /etc/pki/ca-trust/source/README
  ...
  QUICK HELP: To add a certificate in the simple PEM or DER
     file formats to the list of CAs trusted on the system:

     Copy it to the /etc/pki/ca-trust/source/anchors/
     subdirectory, and run the update-ca-trust command.

That README is part of the "ca-certificates" package.

As seba_dos1 points out though... why would doing this be needed for a single application?

It should be possible to point the cert validation code at a non-system-wide CA chain.
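
The suggestion above, pointing validation at a non-system-wide CA file, sketched with the openssl CLI as an added example (not code from the thread or from Blizzard). The file names, the temp directory and the CN are constructed, and it assumes a client that controls its own certificate validation rather than a browser.

```shell
#!/bin/sh
# Added example: trust a per-install localhost certificate through an
# application-private file instead of the system CA store.
# File names, the CN and the temp directory are constructed for illustration.

# make_local_cert DIR: create a self-signed cert and key for localhost in DIR.
make_local_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1/localhost.key" -out "$1/localhost.pem" \
        -subj "/CN=localhost" \
        -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" 2>/dev/null || return 1
    chmod 600 "$1/localhost.key"   # private key readable by the owner only
}

# trusted_by_app DIR HOST: validate against the app-private file.
# -no-CApath keeps the default CA directory out of the lookup.
trusted_by_app() {
    openssl verify -CAfile "$1/localhost.pem" -no-CApath \
        -verify_hostname "$2" "$1/localhost.pem" >/dev/null 2>&1
}

# trusted_by_system DIR: validate against the default (system) trust store,
# which this script never modifies.
trusted_by_system() {
    openssl verify "$1/localhost.pem" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_local_cert "$dir" || return 1
    trusted_by_app "$dir" localhost && echo "app-private trust: localhost accepted"
    trusted_by_app "$dir" example.invalid || echo "app-private trust: other name rejected"
    trusted_by_system "$dir" || echo "system store: certificate not trusted"
    rm -rf "$dir"
}
demo
```

Nothing is copied into /etc/pki/ca-trust/source/anchors/ and update-ca-trust is never run, so other programs on the host do not trust the certificate.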

Why would it do that in the first place?
I think that they're running a webserver on localhost and they are connecting to it from their website opened in a browser, probably for some integration.
How is that going to work when most of the users are behind NAT/Firewalls? That's a connection model that just doesn't work well on the modern Internet.

I'm also kind of baffled by the need to install a Blizzard root cert in the cert store. That's normally only necessary for people who are too cheap to get their certs signed (Blizzard makes enough money to do this) or who want to MitM encrypted traffic from your host.

You're opening their website. JavaScript on their website connects to https://localhost:12345 and uses that connection to interact with battle.net software that runs on your PC. NAT/Firewall is not an issue. But that client software has to present a valid certificate for that localhost website. To do so, they generate that self-signed certificate at installation time and mark it as trusted, so browsers will accept it. There's no other way to do that, really (well, there's a way actually, but it requires signing some very non-standard agreements with certificate authorities, I know that Plex does that). Blizzard does not use that certificate to MitM your connection, because they don't send it back, it's generated, stored and used locally.

I don't like this practice either and I would opt out of that "feature" given the choice. I just used to develop similar software, so I understand why they did that.

Do you actually need a root cert for this? Can't you just install the server's self-signed cert?
What's the point of using TLS on localhost?
IMHO the only correct solution is to stop doing that.
The problem so far has been that Unity dev tools were Windows-only while Linux would still be a target.
And macOS.