You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For security purposes, my company uses a transparent SSL/TLS
inspection (not a regular explicit HTTP proxy! there is no proxy to
configure, or https_proxy environment variable to set!), which means
that we have to add a certificate to all the trustlists of all
software we use. Why? Because if we don't do that for e.g. VSCode,
then whenever VSCode tries to access the internet through https,
VSCode's TLS layer will in fact hit the https of the "transparent"
inspection, and NOT trust it. And as this is for security, we won't
disable certificate verification.
In my case, I have installed VSCode through the .deb package. I have
installed some open-source extension written in TypeScript; here, it's
Red Hat Dependency Analysis, for which you can find the source code
here:
I suspect it runs directly under VSCode's nodejs process, and
therefore that it reuses VSCode's list of trusted certificates. I
guess any similar extension will yield the same symptoms:
request to https://rhda.rhcloud.com/api/v4/analysis failed, reason:
self signed certificate in certificate chain.
Source: Red Hat Dependency Analysis
First, is there a way to obtain VSCode's list of trusted certificates,
so that at least I can progress in my investigation of this issue?
Also, where is this list stored?
Is there a simpler test I can do in my investigations to check whether
VSCode's Nodejs engine can access https addresses without certificate
errors?
In any case, if the VSCode package does not use the operating system's
list of trusted certificates but its own list, I think there should be
a way for users to add a certificate to that list. This is the main
point of this ticket.
Thanks!
Best regards
Fabrice
VS Code version: Code 1.89.1 (dc96b83, 2024-05-07T05:16:23.416Z)
OS version: Linux x64 6.5.0-35-generic
Modes:
fbauzac
changed the title
Allow adding certificates to VSCode's list of trusted certificates
Cannot add certificates to VSCode's list of trusted certificates
May 18, 2024
fbauzac
changed the title
Cannot add certificates to VSCode's list of trusted certificates
Cannot add certificates to VSCode's list of trusted certificates with the .deb package
May 18, 2024
OK, problem found: one of the OS-level certificates had \r\n line endings. Converting to UNIX style fixed the issue.
I'm closing this issue. Sorry for the noise!
Type: Bug
Version: 1.89.1
Commit: dc96b83
Date: 2024-05-07T05:16:23.416Z
Electron: 28.2.8
ElectronBuildId: 27744544
Chromium: 120.0.6099.291
Node.js: 18.18.2
V8: 12.0.267.19-electron.0
OS: Linux x64 6.5.0-35-generic
Hello,
For security purposes, my company uses a transparent SSL/TLS
inspection (not a regular explicit HTTP proxy! there is no proxy to
configure, or https_proxy environment variable to set!), which means
that we have to add a certificate to all the trustlists of all
software we use. Why? Because if we don't do that for e.g. VSCode,
then whenever VSCode tries to access the internet through https,
VSCode's TLS layer will in fact hit the https of the "transparent"
inspection, and NOT trust it. And as this is for security, we won't
disable certificate verification.
In my case, I have installed VSCode through the .deb package. I have
installed some open-source extension written in TypeScript; here, it's
Red Hat Dependency Analysis, for which you can find the source code
here:
https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/tree/master
I suspect it runs directly under VSCode's nodejs process, and
therefore that it reuses VSCode's list of trusted certificates. I
guess any similar extension will yield the same symptoms:
First, is there a way to obtain VSCode's list of trusted certificates,
so that at least I can progress in my investigation of this issue?
Also, where is this list stored?
Is there a simpler test I can do in my investigations to check whether
VSCode's Nodejs engine can access https addresses without certificate
errors?
In any case, if the VSCode package does not use the operating system's
list of trusted certificates but its own list, I think there should be
a way for users to add a certificate to that list. This is the main
point of this ticket.
Thanks!
Best regards
Fabrice
VS Code version: Code 1.89.1 (dc96b83, 2024-05-07T05:16:23.416Z)
OS version: Linux x64 6.5.0-35-generic
Modes:
System Info
canvas_oop_rasterization: disabled_off
direct_rendering_display_compositor: disabled_off_ok
gpu_compositing: enabled
multiple_raster_threads: enabled_on
opengl: enabled_on
rasterization: enabled
raw_draw: disabled_off_ok
skia_graphite: disabled_off
video_decode: enabled
video_encode: disabled_software
vulkan: disabled_off
webgl: enabled
webgl2: enabled
webgpu: disabled_off
Extensions (19)
A/B Experiments
The text was updated successfully, but these errors were encountered: