Happened Again - Requests to servers using letsencrypt's new root certificate fail verifiction #136787
Comments
|
I am unable to repro with Can you provide some minimal repro steps, thanks! |
deepak1556
added
info-needed
|
I made a minimal example using the GOT library that I use in my extension, and reproduced it as follows: got.get('https://letsencrypt.org').then((response: Response) => {
console.log(response.body);
}).catch((error: any) => {
console.error(error);
});I downgraded the VSCode version to 1.61.2 and it works. When upgrading to 1.62.1 it returns to having certificate errors: GotError: certificate has expired
at onError (c:\Users\gabriel.alencar\Documents\Gitea\vscode-engpro-extension\node_modules\got\dist\source\request-as-event-emitter.js:140:29)
at handleRequest (c:\Users\gabriel.alencar\Documents\Gitea\vscode-engpro-extension\node_modules\got\dist\source\request-as-event-emitter.js:173:17)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at TLSSocket.onConnectSecure (_tls_wrap.js:1497:34)
at TLSSocket.emit (events.js:315:20)
at TLSSocket._finishInit (_tls_wrap.js:932:8)
at TLSWrap.onhandshakedone (_tls_wrap.js:706:12)
at TLSWrap.callbackTrampoline (internal/async_hooks.js:131:14) |
|
I am unable to repro on macOS will check on windows,
Not sure why it is failing in your case. |
deepak1556
added
confirmation-pending
electron
|
I am also seeing the same issue on Windows. It popped up as soon as vscode upgraded to 1.62.1. My extension can't make any api calls because of it. My coworker on a Mac also cannot reproduce the issue. |
|
Same here on Windows 10. Linux version working fine.
|
|
Same issue, server-rendered preview in the PlantUML extension (jebbs.plantuml) is broken due to this error. Version: 1.62.1 (user setup) |
|
Same issue, server-executed symbolic execution of rust-based smart contracts with SafePKT extension (v0.2.10), Version: 1.62.1 Thank you @AlencarGabriel for having reported this issue in the first place! |
|
same issue, 1.62.2, certificate on https://schema.abaplint.org/schema.json is valid, OS: windows 10
|
|
As a workaround, it seems to work if the user sets this option in user settings in VSCode
On Windows 10 our extension can't make api calls unless the user changes this setting |
Refer to this issue for more info: microsoft/vscode#136787 Settings changed are the following: microsoft/vscode#136787 (comment)
deepak1556
added
confirmed
|
I am running into the same issue on Linux (Fedora 35, VSCode v1.62.2 from official RPM build), disabling |
|
Sorry for the delay in getting back to this issue, firstly I was able to confirm the issue on windows. Based on #136787 (comment) it seems application adds root CA from the OS to the node network stack used in the extension host by #52880. As explained in #136787 (comment) due to the fix implemented in Electron versions <= 15, building certificate chains from the OS that carries the expired I would suggest to use the setting |
|
@deepak1556 thanks, looking at #136630 it seems like Electron 16 update is not part of this iteration? I'm not sure how much effort it is, but are we looking at half a year, or few months ahead? |
|
I think the label |
|
same here 😕 setting |
|
My users are getting this issue as well on Linux and Windows machines, Macs seem to work fine |
|
I removed the expired |
Windows will automatically refetch the cert, so removal isn't a option. |
Okay thanks for the clarification. 👍 |
|
Did not make it into the January release, hoping for February 🤩 |
|
confirmed working in 1.66, thanks ❤️ |
and others
Does this issue occur when all extensions are disabled?: Yes/No
More details:
Version: 1.62.1 (user setup)
Commit: f4af3cb
Date: 2021-11-05T10:57:55.946Z
Electron: 13.5.2
Chrome: 91.0.4472.164
Node.js: 14.16.0
V8: 9.1.269.39-electron.0
OS: Windows_NT x64 10.0.18362
Steps to Reproduce:
The same steps as the problems: #134244 and #134245.
The text was updated successfully, but these errors were encountered: