jabbera / vsts-git-release-tag

This is a vsts extension that will add a git tag when the task is run from a release
MIT License

Unable to get local issuer certificate with self-hosted agent on-premises #69

Open JoshMichTot opened 4 years ago

JoshMichTot commented 4 years ago

Hi guys, this add-in worked well so far, but I got an issue while upgrading to the latest Azure DevOps 2019 on-premises.

    git-tag-on-release-task: Version: 8.0.1
    [error]unable to get local issuer certificate

This error could be linked to the fact that my company enforced TLS 1.2 as the default security protocol. I managed to customise a PowerShell script from a different plug-in by adding `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12`. Has anyone got the same issue? Are you mostly using it on Azure DevOps Service?

jabbera commented 4 years ago

This uses node not powershell so that fix won't work. Do you have the NODE_ ca env variable set?

JoshMichTot commented 4 years ago

I'm still investigating this issue. I do not think it's linked to the security protocol upgrade to TLS 1.2. The other change that happened on our premises was the switch to an https connection with the TFS server.

Is anyone else using it with https on-premises, or is it mostly used on Cloud? I believe the code could fail at the connection:

            let token: string = tl.getEndpointAuthorizationParameter("SYSTEMVSSCONNECTION", "AccessToken", false);
            let collectionUrl: string = tl.getEndpointUrl("SYSTEMVSSCONNECTION", false).replace(".vsrm.visualstudio.com", ".visualstudio.com"); // need build
            let authHandler = token.length === 52 ? vsts.getPersonalAccessTokenHandler(token) : vsts.getBearerHandler(token);
            let connect = new vsts.WebApi(collectionUrl, authHandler);

            let gitapi: git.IGitApi = await connect.getGitApi();

It's maybe linked to the certificate management with the on-premises agent.