Github authentication does not respect proxy certificate settings #170292
Comments
Thanks for creating this issue! We figured it's covering the same as another one we already have. Thus, we closed this one as a duplicate. You can search for similar existing issues. See also our issue reporting guidelines. Happy Coding!
@TylerLeonhardt To be honest, I don't quite agree with closing this issue. I mean, yes, providing extension proxy support is the cleanest way to implement a solution for this, but this extension has to be adapted anyways. Also there is a difference in severity and priority between any old third party extension being broken by this and one of two built-in authentication extensions being broken. At the very least the referenced issue should be updated with this scenario as a high priority use case. (If that has already been done, I apologise for missing it, and this issue can safely remain closed)
We do load the certificates from the OS, the error suggests that this either doesn't work or the required root certificate is missing. Could you enable debug logging (
It seems like the certificates are loaded. The proxy is also correct.
It may very well be that the certificate configuration of my organization is somehow slightly broken/non-standard. But I thought that is what the
Could you run
This issue has been closed automatically because it needs more information and has not had recent activity. See also our issue reporting guidelines. Happy Coding!
Type: Bug
Scenario
I'm behind a corporate internet proxy and am trying to sign in with Github (to github.com) which fails with
Steps to reproduce
Error details
From the Github Authentication log
Certificate / proxy details
The proxy is one of those terrible things that re-signs all the https traffic with its own custom certificate. Said certificate is then installed on the OS level of the individual PCs so that it is recognized as a valid certificate.
Investigation
I tried adjusting the vscode proxy settings but apparently not all of them are respected equally:
- http_proxy / https_proxy are respected.
- http.proxy is respected. I tested this by entering an invalid URL and receiving the expected timeout.
- Neither http.proxyStrictSSL = false nor http.systemCertificates = true seemed to have any effect. Or they do not mean what I think they do?
Workaround
By reading the source of the github authentication extension I discovered that it apparently utilizes node-fetch directly. Thus I tried disabling the certificate validation on the Node.js level via the environment variable NODE_TLS_REJECT_UNAUTHORIZED = "0" and indeed this allowed me to successfully sign in with Github.
Obviously this is a suboptimal solution at best.
Desired behavior
The Github authentication should respect the vscode certificate settings mentioned above.
It seems to me that, because authentication is implemented as a (built-in) extension, it suffers from the same problem all extensions have with regard to http requests and proxy settings: There is (as far as I know) no unified support/API/package provided by vscode and thus every extension has to figure it out by themselves with the obvious potential of getting some edge cases wrong. So maybe the investment should go in that direction. From my research into this problem it seems that there are quite a lot of issues that seem to be related to this.
VS Code version: Code 1.74.2 (e8a3071, 2022-12-20T10:29:14.590Z)
OS version: Windows_NT x64 10.0.19044
Modes:
Sandboxed: No
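The workaround in the issue turns off certificate validation for the whole Node.js process. As an added example (not code from the issue or from VS Code), this sketch flags that setting and shows the narrower alternative of trusting the re-signing proxy's root CA on one agent. `auditTlsEnv`, `trustedAgentOptions`, `makeAgent` and `SAMPLE_PROXY_CA` are hypothetical names, the PEM is a constructed placeholder, and `NODE_EXTRA_CA_CERTS` is a Node.js variable not mentioned in the issue.

```javascript
const https = require('https');
const tls = require('tls');

// Constructed placeholder: stands in for the PEM of the proxy's root CA.
const SAMPLE_PROXY_CA =
  '-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n';

// Report how a Node.js process environment affects TLS validation.
function auditTlsEnv(env) {
  const findings = [];
  // Node.js disables certificate checks only for the exact string '0'.
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    findings.push({
      level: 'high',
      key: 'NODE_TLS_REJECT_UNAUTHORIZED',
      note: 'certificate validation is off for every TLS connection in the process',
    });
  }
  // Read once at startup; adds roots without weakening validation.
  if (env.NODE_EXTRA_CA_CERTS) {
    findings.push({
      level: 'info',
      key: 'NODE_EXTRA_CA_CERTS',
      note: 'extra roots are added to the default trust store',
    });
  }
  return findings;
}

// Options that trust the proxy CA in addition to Node's bundled roots.
// Passing `ca` replaces the defaults, so the bundled roots are re-added.
function trustedAgentOptions(proxyCaPem) {
  const pem = /-----BEGIN CERTIFICATE-----[\s\S]+-----END CERTIFICATE-----/;
  if (typeof proxyCaPem !== 'string' || !pem.test(proxyCaPem)) {
    throw new TypeError('expected a PEM-encoded certificate');
  }
  return { ca: [...tls.rootCertificates, proxyCaPem], rejectUnauthorized: true };
}

// Validation stays on; only requests made with this agent trust the extra CA.
// node-fetch accepts such an agent through its `agent` request option.
function makeAgent(proxyCaPem) {
  return new https.Agent(trustedAgentOptions(proxyCaPem));
}
```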