-
Notifications
You must be signed in to change notification settings - Fork 275
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Self signed certificate errors with vscode-insiders 1.36.0 #587
Comments
BTW - if there's any way to revert to a prior version so I can see verify that it still works there, I'd be happy to do that; I just couldn't find a way to download the prior version of insiders |
I'm experiencing the same issue. I'm behind an inspecting firewall, and have created an base docker image that adds the additional trust anchors (ca-certs), but I still get this error. |
vscode uses a different node (shipped with vscode itself) to run the extensions, and the execution context is different. If you use npm config, that will be ineffective, also if you set the ca file location in the environment variables, it wont read the file. |
Update - now that the stable version (1.35.0) supports Remote Containers, I was able to test this with 1.35 and found that it works properly. So 1.36.0 has introduced behavior that breaks something that works in 1.35.0. I'd really love to see this fixed before 1.36.0 becomes stable and it stops working again. |
@skamens The connection you see not working is only needed once per VS Code version for downloading the server bits. 1.35.0 might have downloaded these before while 1.36.0 still needs to do so. So it's not necessarily something that broke between these two versions. I have checked our code and it still loads the certificates in the latest version. Can you double-check the certificate is still registered in the OS? |
This is an issue with a proxy that uses a self-signed certificate. Nothing has changed in my network or system configuration, but I was still able to get vscode to honor the "no strict SSL" option with 1.35, and I am not able to do the same with 1.36. I'm happy to go with a workaround such that I can download the files manually or something, but mine is not the only circumstance where self-signed certs are used. |
Still not sure what has changed between 1.35 and 1.36. What are your settings in 1.35 vs. 1.36? |
I have lots and lots of settings.... Which particular ones would you like to know about? |
"http.proxy", "http.proxyAuthorization", "http.proxyStrictSSL", "http.proxySupport" and "http.systemCertificates". Are you setting HTTP_PROXY or HTTPS_PROXY environment variables? |
All of the settings indicated are the same between 1.35 and 1.36. I set HTTP_PROXY and HTTPS_PROXY inside my container via the Dockerfile. From looking at the output from the build of the container in each program, I see that the 1.35 version does this:
Which tells me that it already has the file locally, while with the 1.36 version I see this:
So it's not clear to me what it's actually doing there (a mkdir shouldn't cause an error like this). I presume that means it is trying to retrieve the vscode-server-linux tar.gz file outside of the container before pushing it in there. |
It downloads the server after |
This issue has been closed automatically because it needs more information and has not had recent activity. See also our issue reporting guidelines. Happy Coding! |
I'm using Remote Containers with vscode-insiders. Everything was working swimmingly until my version automatically got upgraded to 1.36.0.
Now when I try to rebuild my container I'm getting this error:
Run: docker exec bfd96d16537e595543020b5d3a1169800fb55c5040968a7203140885986762b1 mkdir -p /root/.vscode-server-insiders/bin/7a5bca9fafbbb23de289179be95e9c4832540c02_1559855096930
Error: self signed certificate in certificate chain
at TLSSocket.onConnectSecure (_tls_wrap.js:1049:34)
at TLSSocket.emit (events.js:182:13)
at TLSSocket._finishInit (_tls_wrap.js:631:8)
I have http.proxyStrictSSL set to false in my settings, but that doesn't seem to help.
Can anybody see what's wrong with this?
The text was updated successfully, but these errors were encountered: