search

jmrog / vscode-nuget-package-manager

An extension for Visual Studio Code that lets you easily add or remove .NET Core 1.1+ package references to/from your project's .csproj file using Code's Command Palette.
MIT License
34 stars 17 forks source link

Investigate Issues with Self-Signed Certificates and Transparent Proxies #24

Closed jmrog closed 6 years ago

jmrog commented 7 years ago

See especially this comment. It may be that this plugin should set the rejectUnauthorized TLS option to false when a user has set http.proxyStrictSSL to false.

ryanmendoza commented 6 years ago

It looks like this was supposed to be fixed in 1.1.4, however I am still seeing the issue.

Error: request to https://api-v2v3search-0.nuget.org/autocomplete?q=identityserver&prerelease=true&take=100 failed, reason: unable to get local issuer certificate

http.proxyStrictSSL is set to false in my configuration and is honored by other plugins.

jmrog commented 6 years ago

@ryanmendoza v1.1.4 included a "partial" fix for related issues. However, there was additional work I wanted to try out, mentioned in this comment. I never did get around to doing that, though, because the reporter of #21 resolved his issues and moved on. I'll see what I can do, but may want you to test an early release if that's possible.

jmrog commented 6 years ago

@ryanmendoza I implemented the thing that I wanted to implement in the earlier comment I mentioned (at least, as far as I could remember what I wanted to do), and created a new distributable package that is available here: https://github.com/jmrog/vscode-nuget-package-manager/blob/master/dist/vscode-nuget-package-manager-1.1.6.vsix. Would you mind installing that version of the package and seeing whether it resolves your issue? If it does, I'll release as usual through the extension marketplace. If it doesn't, I'll reopen this issue. Thanks!

jmrog commented 6 years ago

I'm going to go ahead and release the latest package via the extension marketplace soon, likely some time today.

itjstagame commented 5 years ago

@jmrog I'm not sure why no one else has ran in to this issue until now, but it appears this fix will not work for me.

Looking a the code it seems the proxyStrictSSL setting is fully ignored if proxy is blank. https://github.com/jmrog/vscode-nuget-package-manager/blob/18b028ac7db869f44d877adbe240c5740747986b/src/utils/getFetchOptions.ts#L22

I'm having an issue similar to what bleggett described here https://github.com/Microsoft/vscode/issues/155#issuecomment-170143500 I do not know or need to know my corporate proxy. For node, etc, I can set just strict-ssl to false and it all works. I do not supply a proxy.