-
Notifications
You must be signed in to change notification settings - Fork 27.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Self-signed certificate error when installing Python support in WSL in spite of custom root certificate correctly installed in WSL #131836
Comments
Hello! I've developed a work around. The core issue here seems to be that the certificate store passed by NodeJS running the back-end server to the OpenSSL library it uses to deal with encryption is not the linux system certificate store updated by Something like this works
However, ideally the solution should be to have NodeJS use the system certificate store |
@chrmarti Are you familiar with this? |
We read Maybe the failing request is made somewhere else. Could you attach a screenshot from when the error occurs? |
@sandy081 Are you downloading the VSIX using the Node.js |
I use the request service to download and it seems this is the request service that is being registered in renderer - It seems this uses chrome stack. |
Looks like various issues here: |
You are the hero I needed, thanks for this! |
One of our customers is also impacted by the same issue when connecting to Azure ML Compute instances through VSCode. Azure ML - Remote extension tried to install the Python extension as part of setting up the VSCode server and that's where they get this error: |
@chrmarti and @sandy081 Can you again look into that. It seems to be pop up again with the 1.62 version of VS Code (tough with all extension, not just the python). I have tested it by rolling back to 1.61.2 and then I can install all extensions again in WSL. But then as soon as update to 1.62 the installation of any extension in WSL fails. (The version "Remote - WSL" extensions is in both cases still the same same version - 0.58.5) When looking into the log it is quite obvious what happens different: In version 1.61.2 the cert error also happens but then it automatically downloads the extensions locally instead (line 1 & 2):
But now with version 1.62 the process just stops at the cert error:
I can workaround it for now by settings the So not sure which one would actually be the "correct" solution but I think either the extension installation process should automatically fail back again to local download (as it was in 1.61.2) or the vscode-server should automatically pickup the Thanks! |
In 1.62.0, I have made retry downloading (fallback) from local bit more strict and is triggered only when we see specific errors as it does not makes sense to retry if it failed for some obvious reasons. Lines 61 to 72 in 5e0d7da
I would be interested to know what error (name) is thrown in your case. So I added a debug statement for that. Can you please try with tomorrow's insiders and let me know that. For those users, who have connectivity issues on remote, there is a setting you can use to always download the extension locally - |
Ah yes that makes sense.
Sure, I will do that and keep you posted. 👍 |
I have just tested with the insider version (2021-11-10T07:59:05.913Z, Commit: bef4dba) but I am afraid that there is not really more to see in the log:
Further I have noticed also problem installing extensions during dev container build and startup. I have a dev container setup wich should install the
So it seems to be because of the same error as in WSL. That this is also when I have |
Thanks for the logs @J0F3. I got what I am looking for
It seems this is an error that I am not handling properly so that the fallback can be triggered - I will be fixing this here - #136710, So please follow up there.
While container is being created, extensions are downloaded and installed on remote server/container. Since the VS Code client is not yet connected to server, it is not possible to download on client and install on remote. CC @chrmarti |
Perfect! Thx!👍
Aha that makes sense. Thanks to your explanation I found what the problem was here. The container did not use the custom Root CA Certs of our company firewall. When I correctly define the Thank you for your help! |
Had this issue with my new WSL2 environment. We add two self signed root CAs to our trusted root certificates (via ❯ cat ~/.vscode-server/server-env-setup ❯ lsb_release -a |
VS Code 1.85 and later should automatically load the remote OS certificates for remote extensions. For WSL and local dev containers the local OS certificates are also loaded. @megakid Have you tried with VS Code 1.85 or later without setting |
I needed to do the same workaround to install Jupyter Extension on WSL2 Ubuntu22.04. VSCode version is 1.87.2 |
Yes, I had the exact same issue installing the Jupyter Extension (Id: ms-toolsai.jupyter) extension in WSL2 Ubuntu22.04. Version: 1.87.2 (user setup) Adding the environmental variable NODE_EXTRA_CA_CERTS to ~/.vscode-server/server-env-setup fixed the issue for me for now. |
Does this issue occur when all extensions are disabled?: Yes/No
My company uses an SSL inspection on company devices and provides a custom root CA certificate. In Windows, this is already pre-installed in the system certificate store and VS Code works fine in Windows where there are no problems installing & using Python language support. For WSL, the certificates & a process to install them in the system certificate store are provided (below) However, when trying to setup Python Language support in WSL I get a self-signed certificate error in spite of following the process to install the custom root certificates in WSL.
Steps to Reproduce:
self signed certificate in certificate chain
The text was updated successfully, but these errors were encountered: