Can't install extensions or use TLS/SSL behind corporate decrypting firewall without strictSSL=false #9790
Comments
@brianary I couldn't understand from your comment, but does setting
Yes, in the sense that I can install extensions without the benefit of a validated certificate chain, but that isn't really an option in a high-security environment.
This may be related to nodejs/node#3159
Yeah it is, we are blocked by it. One more question: did you need to also set up a proxy in Code?
No, we had a proxy at one time, but this current system operates on all network traffic through the firewall.
And what happens is that firewall just patches the responses coming from the Internet with its own certificate?
The connection to the firewall is secured with its own cert, then a connection from the firewall to the destination uses the destination's cert. This allows the firewall to perform content filtering on https traffic.
I'm having the same issue, but even with:
I'm getting the error, this change started with the Even with configuring the
Same here with Insiders 1.5.0. It seems to be even more aggressively preventing local certs.
I am experiencing the same thing. We do NOT have a proxy server and our corporate firewall decrypts all ssl traffic for inspection and then re-encrypts it using its own intermediate cert. Our corporate intermediate cert is in my keychain (on mac) as a trusted certificate but VS Code does not recognize this trusted intermediate cert. We have regretfully been working around this issue with "http.proxyStrictSSL": false in user settings but I just updated VS Code yesterday to Version 1.5.1 and now even the proxyStrictSSL=false is no longer working and I am continually getting "Error self signed certificate in certificate chain" even though the certificate is in my 'keychain', it is valid and issued by our corporate certificate authority. It seems that something in the update to v1.5.1 has overridden the "http.proxyStrictSSL": false option. It would be nice if VS Code could honor the system's certificate trust settings!
I also wish to be able to specify a ca in the settings like npm supports using "set ca". We're behind a TLS intercepting proxy. Setting proxyStrictSSL to false works but is not my preferred solution.
An alternative fix to using the system CA bundle is to do something similar to git's
Same problem - our "proxy" is not a manually configured proxy server - it's an inline process handled by the firewall so the proxy setting options are not viable for us. I'd prefer an option in the UI to import/trust the signing authority to having to find a way to download/distribute.
Merging with #27838
This isn't a proxy issue. Why was this closed?
…On Mon, Jul 3, 2017, 05:34 João Moreno ***@***.***> wrote:
Closed #9790 <#9790>.
Steps to Reproduce:
We use a decrypting firewall, which requires adding a local cert as a trusted authority.
For some really dumb reason, both VS and VS Code do not seem to use the Windows list of Trusted Authorities, where the certs were placed by group policy. Right now we can choose just not to use any SSL content (all extensions tried so far), or disable all SSL checking (strict-ssl=false in user settings), which would be wildly irresponsible. So that's a huge hassle.
We really need either VS Code to honor imported Trusted Authorities from the Windows cert store, or a way to import a trusted cert into VS Code's special, unique snowflake cert store.