Skip to content

chore: additional error categories for macOS cert api#305154

Merged
deepak1556 merged 2 commits intomainfrom
robo/update_electron
Mar 26, 2026
Merged

chore: additional error categories for macOS cert api#305154
deepak1556 merged 2 commits intomainfrom
robo/update_electron

Conversation

@deepak1556
Copy link
Copy Markdown
Collaborator

@deepak1556 deepak1556 commented Mar 26, 2026

For #287739

Additional error categories to tls.getSystemCACertificatesErrors api

TotalCertsToProcess      - Total keychain certs before filtering
                             (error_code = count)

  SecItemCopyMatching      - Keychain query failed entirely (fatal)

  SecCertificateCopyData   - Failed to extract DER data from
                             SecCertificateRef

  DERDecode                - OpenSSL d2i_X509 failed to parse DER bytes

  TrustSettingsCopy        - SecTrustSettingsCopyTrustSettings returned
                             unexpected OSStatus

  TrustEvaluation          - Certificate rejected by
                             IsCertificateTrustedForPolicy (excluded
                             from final cert list)

  TrustDictDefaultTrustRoot - Self-issued cert with absent
                              kSecTrustSettingsResult key: Apple docs
                              default to TrustRoot (Chromium returns
                              TRUSTED), Node.js returns UNSPECIFIED

  TrustPolicyComparison    - Compares SecPolicyCreateSSL(false) vs
                             SecPolicyCreateSSL(true) results per cert.
                             error_code: 0=both fail, 1=server-only,
                             2=client-only, 3=both pass

  TrustEvalFallback        - Cert had no explicit trust settings, fell
                             through to SecTrustEvaluateWithError
                             (no Chromium equivalent). error_code:
                             1=trusted, 0=rejected

  Duplicate                - Same cert found in multiple keychains

  Expired                  - Trusted cert with notAfter in the past
                             (Chromium would filter; Node.js still
                             includes)

  UnsupportedKeyUsage      - Trusted cert lacking SSL key usage flags
                             (Chromium would filter; Node.js still
                             includes)

@deepak1556 deepak1556 added this to the 1.114.0 milestone Mar 26, 2026
@deepak1556 deepak1556 self-assigned this Mar 26, 2026
Copilot AI review requested due to automatic review settings March 26, 2026 12:38
Copilot AI reviewed Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the pinned Microsoft build identifiers for the Electron (root) and Node (remote) native header downloads, presumably to pick up macOS system certificate error-category changes referenced in the linked issue.

Changes:

  • Bump Electron headers ms_build_id in .npmrc.
  • Bump Node headers ms_build_id in remote/.npmrc.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
.npmrc Updates Electron headers ms_build_id to a newer Microsoft build.
remote/.npmrc Updates Node headers ms_build_id to a newer Microsoft build for remote builds.

@deepak1556 deepak1556 marked this pull request as ready for review March 26, 2026 13:36
@deepak1556 deepak1556 enabled auto-merge (squash) March 26, 2026 14:45
@deepak1556 deepak1556 merged commit 6eee457 into main Mar 26, 2026
25 of 29 checks passed
@deepak1556 deepak1556 deleted the robo/update_electron branch March 26, 2026 14:49
mjbvz pushed a commit to mjbvz/vscode that referenced this pull request Mar 26, 2026
@deepak1556 @mjbvz
chore: additional error categories for macOS cert api (microsoft#305154)
ce3a0e9 
* chore: additional error categories for macOS cert api

* chore: bump distro
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@chrmarti chrmarti chrmarti approved these changes

Assignees

@deepak1556 deepak1556

Labels

None yet

Projects

None yet

Milestone

1.114.0

Development

Successfully merging this pull request may close these issues.

3 participants

@deepak1556 @chrmarti