Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libman: library could not be resolved by 'cdnjs' provider AGAIN #711

Closed
LLIAMAH opened this issue Jul 14, 2023 · 8 comments · Fixed by #751
Closed

libman: library could not be resolved by 'cdnjs' provider AGAIN #711

LLIAMAH opened this issue Jul 14, 2023 · 8 comments · Fixed by #751

Comments

@LLIAMAH
Copy link

LLIAMAH commented Jul 14, 2023

Describe the bug

Some time ago I got the problem: #699
After some actions I received required libs and all was OK, but - in one time I have to add NEW one lib and was surprised that received same error.
image

I'll checked another libs:

  1. Some libs - could not be resolved by message
  2. Some libs - does not show any autocomplete list during typing the name of lib.
  3. Some libs - libman shows lib folder and files, but cannot download FULL array of files (start download, but breaks on some file and fail the process of installation whole lib)

To Reproduce

Steps to reproduce the behavior:

  1. I'm using Visual Studio 2022 latest RELEASED version Win10 Pro latest updates and TLS settings:
LibManInternetOptions
  1. libman --version: 2.1.175+29a28921bd.RR
  2. totally clean cache of the libman
  3. Create new Asp.net project and try to get some libs - for me it is enough to reproduce problem.

Expected behavior

  1. Would be nice to have valid behavior, when all libs/.autocompletes are shown and libs successfully installs
  2. Would be nice to have VALID message error - which exists in InternalException: "SSL/TLS problem" instead of general "cdnjs could not resolve..." or "lib load failed.."
  3. Would be nice to have combobox in this dialog or command parameter, which allows to set TLS 1.2 via command line parameters.

Additional context

I started to investigate and TADAM! Problem in security certificates AGAIN! So it is from minor-middle bug, should increase priority and fixed in result, I guess.
I don't know why forced set options to TLS 1.2 doesn't work anymore (this helped in past) - may be after installing latest Win10 updates. But in current moment I could take NEW libs ONLY via libman Debug + dependent VS opened solution with this row.

I downloaded libman codes, started it and found that:

  1. Error raises in the Row#49 - GetStreamAsync - failed.
  2. Process works fine if Row#59 is added (whole row is added by me).
LibManSourceOfTHeProblem

I UNDERLINE: that ALL 3 problems of the

  • not showing libs,
  • autocomplete missed
  • unsuccessful downloading of the lib files set

are WORKED FINE for me if Row#59 exists. So would be nice to have option to force switching it on.
@gaelj
Copy link

gaelj commented Mar 14, 2024

Hi @jimmylewis ! Is there any chance of seeing this bug fixed ? It impacts all people who are forced to use old TLS version for various reasons. Unfortunately in some work environments, software upgrades are not easily done.
Thanks 👍

@LLIAMAH
Copy link
Author

LLIAMAH commented May 4, 2024

Hi @jimmylewis ! Is there any chance of seeing this bug fixed ? It impacts all people who are forced to use old TLS version for various reasons. Unfortunately in some work environments, software upgrades are not easily done. Thanks 👍

FYI: I've created my own libman visual studio extension package and replaced it on mine system ;). Hardcoded required TLS and got the result.

@gaelj
Copy link

gaelj commented May 5, 2024

@LLIAMAH great job ! Why don't you submit it in a pull request 😊

@LLIAMAH
Copy link
Author

LLIAMAH commented May 7, 2024

@LLIAMAH great job ! Why don't you submit it in a pull request 😊

Cause it has hardcoded inset for few private cases only.
It would be nice to have something like select list to choose required TLS cert in the GUI menu or CLI command, but GUI part didn't loaded properly in my designer view :(.

@jimmylewis
Copy link
Contributor

I'm thinking that this could be done as a setting e.g. do something like libman config --set forcetls12=true. This way it would only apply to users that need it, and it's an explicit step to configure (it wouldn't happen by accident).

One issue however is that using ServicePointManager.SecurityProtocol configures the setting for the current application - meaning it could be the libman CLI, or msbuild, or Visual Studio. The latter two make this a non-starter; we can't (shouldn't) just change the security settings for those processes.

@LLIAMAH does it work if you add

            httpMessageHandler.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;

after line 61 instead? Since I can't reproduce the problem, I can't tell if this would resolve it, but I'm trying to limit the impact to only the libman web requests.

jimmylewis added a commit to jimmylewis/LibraryManager that referenced this issue May 11, 2024
@jimmylewis
Add setting to force TLS 1.2
e8f9c58 
Per aspnet#711 (and aspnet#699 before it), some users need to force TLS 1.2 for libman to work.

This change adds a new user setting, "forcetls12", which will set libman to use TLS1.2 for any HttpClient it creates.

I verified via WireShark that the traffic to services (cdnjs, etc) that libman calls to switched from 1.3 (my system default) to 1.2 when this setting was in place, and returned to 1.3 by unsetting it.  I could also see that other connections from within VS were still using TLS1.3 so we didn't affect other components on accident.
@jimmylewis jimmylewis mentioned this issue May 11, 2024
Merged
@jimmylewis
Copy link
Contributor

@LLIAMAH I made a draft PR that I think implements this so it addresses my concerns. Can you give it a try and see if it solves the problem for you?

To force TLS 1.2, you need to use the libman CLI to do libman config --set forcetls12=true. It should then work in any host (CLI/msbuild/VS) with a private build from my PR branch. You can turn it off (revert to default behavior) by doing libman config --set forcetls12=

@LLIAMAH
Copy link
Author

LLIAMAH commented May 12, 2024

@LLIAMAH does it work if you add

            httpMessageHandler.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;

after line 61 instead? Since I can't reproduce the problem, I can't tell if this would resolve it, but I'm trying to limit the impact to only the libman web requests.

Yes. Exactly this one line.
But please don't forget to reflect same option in GUI part, too.

@jimmylewis
Copy link
Contributor

The GUI will respect the setting, but the only way to configure libman settings like this for now is to use the CLI to set or unset the value. Implementing a GUI for editing settings would need to be a separate feature.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add setting to force TLS 1.2 jimmylewis/LibraryManager
3 participants
@jimmylewis @LLIAMAH @gaelj