How to disable certificate check?

[PerryWerneck]

When trying to use the extension with a priva OBS instance it fails with certificate error. The osc command line application works fine.

An internal error occurred

Please report it upstream: https://github.com/SUSE/open-build-service-connector/issues/new

and include the following information:

message: No error recorded

Log file (please remove sensitive information):

{"level":50,"time":1623248719362,"pid":10686,"hostname":"yoga","msg":"Tried to read in a package from /home/perry/osc/home:perry/reinstall-conf-tcc, but got the error: Error: Cannot fetch project via from the API 'https://intranet': no account is configured"}
{"level":50,"time":1623248719473,"pid":10686,"hostname":"yoga","msg":"Tried to read in a package from /home/perry/osc/home:perry/reinstall-conf-tcc, but got the error: Error: Cannot fetch project via from the API 'https://intranet': no account is configured"}
{"level":50,"time":1623248732350,"pid":10686,"hostname":"yoga","code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE","stack":"Error: unable to verify the first certificate\n\tat TLSSocket.onConnectSecure (_tls_wrap.js:1497:34)\n\tat TLSSocket.emit (events.js:315:20)\n\tat TLSSocket._finishInit (_tls_wrap.js:932:8)\n\tat TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12)","type":"Error","msg":"unable to verify the first certificate"}
{"level":50,"time":1623248732352,"pid":10686,"hostname":"yoga","code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE","stack":"Error: unable to verify the first certificate\n\tat TLSSocket.onConnectSecure (_tls_wrap.js:1497:34)\n\tat TLSSocket.emit (events.js:315:20)\n\tat TLSSocket._finishInit (_tls_wrap.js:932:8)\n\tat TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12)","type":"Error","msg":"unable to verify the first certificate"}
{"level":50,"time":1623248732353,"pid":10686,"hostname":"yoga","code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE","stack":"Error: unable to verify the first certificate\n\tat TLSSocket.onConnectSecure (_tls_wrap.js:1497:34)\n\tat TLSSocket.emit (events.js:315:20)\n\tat TLSSocket._finishInit (_tls_wrap.js:932:8)\n\tat TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12)","type":"Error","msg":"unable to verify the first certificate"}
{"level":50,"time":1623248746926,"pid":10686,"hostname":"yoga","msg":"Could not obtain fsPath from uri vscode-userdata:/home/perry/.config/Code/User/settings.json"}
{"level":50,"time":1623248758890,"pid":10686,"hostname":"yoga","code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE","stack":"Error: unable to verify the first certificate\n\tat TLSSocket.onConnectSecure (_tls_wrap.js:1497:34)\n\tat TLSSocket.emit (events.js:315:20)\n\tat TLSSocket._finishInit (_tls_wrap.js:932:8)\n\tat TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12)","type":"Error","msg":"unable to verify the first certificate"}
{"level":50,"time":1623248758892,"pid":10686,"hostname":"yoga","code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE","stack":"Error: unable to verify the first certificate\n\tat TLSSocket.onConnectSecure (_tls_wrap.js:1497:34)\n\tat TLSSocket.emit (events.js:315:20)\n\tat TLSSocket._finishInit (_tls_wrap.js:932:8)\n\tat TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12)","type":"Error","msg":"unable to verify the first certificate"}
{"level":50,"time":1623248758893,"pid":10686,"hostname":"yoga","code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE","stack":"Error: unable to verify the first certificate\n\tat TLSSocket.onConnectSecure (_tls_wrap.js:1497:34)\n\tat TLSSocket.emit (events.js:315:20)\n\tat TLSSocket._finishInit (_tls_wrap.js:932:8)\n\tat TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12)","type":"Error","msg":"unable to verify the first certificate"}
{"level":50,"time":1623248777191,"pid":10686,"hostname":"yoga","code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE","stack":"Error: unable to verify the first certificate\n\tat TLSSocket.onConnectSecure (_tls_wrap.js:1497:34)\n\tat TLSSocket.emit (events.js:315:20)\n\tat TLSSocket._finishInit (_tls_wrap.js:932:8)\n\tat TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12)","type":"Error","msg":"unable to verify the first certificate"}
{"level":50,"time":1623248777193,"pid":10686,"hostname":"yoga","code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE","stack":"Error: unable to verify the first certificate\n\tat TLSSocket.onConnectSecure (_tls_wrap.js:1497:34)\n\tat TLSSocket.emit (events.js:315:20)\n\tat TLSSocket._finishInit (_tls_wrap.js:932:8)\n\tat TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12)","type":"Error","msg":"unable to verify the first certificate"}
{"level":50,"time":1623248777195,"pid":10686,"hostname":"yoga","code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE","stack":"Error: unable to verify the first certificate\n\tat TLSSocket.onConnectSecure (_tls_wrap.js:1497:34)\n\tat TLSSocket.emit (events.js:315:20)\n\tat TLSSocket._finishInit (_tls_wrap.js:932:8)\n\tat TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12)","type":"Error","msg":"unable to verify the first certificate"}
{"level":50,"time":1623248783294,"pid":10686,"hostname":"yoga","msg":"Tried to read in a package from /home/perry/osc/home:perry/reinstall-conf-tcc, but got the error: Error: unable to verify the first certificate"}

[dcermak]

Hi @PerryWerneck, this is currently not possible and I am rather hesitant to add this feature, because it is pretty dangerous. I have however started revamping the SSL certificate checks, so it should be simpler to add your own certificates to vscode. Would that work for you as well?

[PerryWerneck]

Yes. I think so. Why not use the certificates already installed in the system on /etc/pki/trust/anchors ?

[dcermak]

Because VSCode sometimes decides that it does not want to use these. I have systems where it will use locally installed certificates and systems where it does not. Also, this gets more complicated if you use the vscode flatpak, which might not be allowed to read this location.

Long story short: this is not necessarily something one should or can tamper with as an extension.

[PerryWerneck]

It was just a comment. Didn't know about this "microsoft standard" behavior (: on vscode.