unable to get local issuer certificate

[gartnera]

• VSCode Version:
• Local OS Version: MacOS
• Remote OS Version: ubuntu 18.04
• Remote Extension/Connection Type: SSH

Steps to Reproduce:

1. Use vscode insiders with ssh remote
2. Be inside corporate proxy with ssl break and inspect (custom CA)
3. Try to install any extension

Does this issue occur when you try this locally?: No
Does this issue occur when you try this locally and all extensions are disabled?: No

The initial install works and the second stage cpptools are also downloaded after I manually installed cpptools from .vsix. I just can't install extensions.

Log:

[2019-05-03 23:09:17.753] [remoteagent] [info] Installing extension: ms-vscode.cpptools
[2019-05-03 23:09:17.755] [remoteagent] [info] Scanned user extensions: 0
[2019-05-03 23:09:17.809] [remoteagent] [error] Failed to install extension: ms-vscode.cpptools unable to get local issuer certificate
[2019-05-03 23:09:18.153] [remoteagent] [info] Scanned user extensions: 0
[2019-05-03 23:09:18.171] [remoteagent] [info] Scanned system extensions: 24
[2019-05-03 23:09:57.227] [remoteagent] [info] Scanned user extensions: 0
[2019-05-03 23:09:57.227] [remoteagent] [info] Installing the extension: ms-vscode.cpptools
[2019-05-03 23:09:58.605] [remoteagent] [info] Extracted extension to /home/agartner/.vscode-remote/extensions/.ms-vscode.cpptools-0.22.1: ms-vscode.cpptools
[2019-05-03 23:09:58.605] [remoteagent] [info] Renamed to /home/agartner/.vscode-remote/extensions/ms-vscode.cpptools-0.22.1
[2019-05-03 23:09:58.609] [remoteagent] [info] Installation completed. ms-vscode.cpptools
[2019-05-03 23:09:58.613] [remoteagent] [info] Successfully installed the extension: ms-vscode.cpptools

[roblourens]

• Have you set the http.proxy setting in vscode?
• Can you install extensions in a local vscode window?

[mjbvz]

Also, can you connect to the marketplace at all from the remote? For example, does wget marketplace.visualstudio.com work from a ssh terminal?

[gartnera]

• Have you set the http.proxy setting in vscode?

Yes

• Can you install extensions in a local vscode window?

Yes, without any changes from default (no changes to http.proxy or http.proxyStrictSSL).

Also, can you connect to the marketplace at all from the remote? For example, does wget marketplace.visualstudio.com work from a ssh terminal?

Yes. curl.txt

After investigating further, I can install extensions if I set http.proxyStrictSSL to false, but I'd prefer not to do that. Can I somehow debug which certificates are loaded and where they are being loaded from?

Also note that when running vscode on the server via X11 forwarding, I can install extensions without any configuration. chromium-browser also works on the server.

Perhaps this is because you're not running full electron on the server side anymore?

Yep that's it. After setting NODE_EXTRA_CA_CERTS I can install extensions fine.

Please document or point NODE_EXTRA_CA_CERTS at /etc/ssl/certs/ca-certificates.crt by default.

[roblourens]

So electron sets NODE_EXTRA_CA_CERTS by default?

Do you know about this @joaomoreno?

[gartnera]

I suspect electron uses the libnss database and therefore sees my existing certs that I use with chrome instance (I don't know anything about electron). Plain nodejs apparently only uses it's built in certs and NODE_EXTRA_CA_CERTS if set.

[joaomoreno]

@roblourens 🤷‍♂️

[vscodebot]

This issue has been closed automatically because it needs more information and has not had recent activity. See also our issue reporting guidelines.

Happy Coding!

[gartnera]

Is there more information you need from me?

[roblourens]

How did you configure these with Chrome? I have no clue whether setting that environment var by default is the right thing to do or not.

[gartnera]

It looks like #231 and #419 are duplicates of this issue. #231 is assigned to a milestone so I assume it's being worked on.

[roblourens]

Good call. Didn't realize we had #231. Will close as dupe then