joelspadin-garmin / vscode-private-extension-manager

Private extension manager for Visual Studio Code

strict-ssl behaviour is not as expected #12

Open gilsh743 opened 4 years ago

gilsh743 commented 4 years ago

I have a server running an Artifactory-Enterprise application with multiple npm registries.

The server uses HTTPS and is signed by the CA of my company. Since it is found in an air-gapped network it is not a verified CA, therefore when pulling packages via npm I set strict-ssl false to avoid getting the error "unable to verify the first certificate".

I read through the README which states any option supported by 'npm-registry-fetch' would propagate as-is when put in each registry's configuration section.

My configuration for this server:

{ "name": "My Private Marketplace", "registry": "https://some.domain.name/npm/vsix-only-packages/", "strict-ssl": false }

After pasting that into the generated "extensions.private.json" file, it loads for a brief moment and shows the following error message: "request to https://some.domain.name/npm/vsix-only-packages/-/v1/search?text=*&size=100&from=0&quality=0.65&popularity=0.98&maintenance=0.5 failed, reason: unable to verify the first certificate" As if I did not include the option at all.

I tried to figure out what's the cause for the issue but didn't manage to find the source, as follows:

  1. Provided options to npm-registry-fetch to see if they propagate properly. Passing custom headers (according to the "headers" option) shows the extra headers on the request when looked at through Fiddler.
  2. Validated npm-registry-fetch@^4.0.0 (the version used by the extension) supports the strict-ssl option.

joelspadin-garmin commented 4 years ago

Could you please elaborate? I'm not sure what is happening or what you're expecting to happen instead.

joelspadin-garmin commented 4 years ago

Sorry for the late response. GitHub doesn't send a notification when you edit a comment.

I've verified that the strict-ssl option is getting passed on to make-fetch-happen, which is the module that ultimately handles it. If that isn't doing anything, then it seems like either an issue with that module or other settings are needed too.

Make sure you don't have the same registry defined in both settings.json and a workspace's extensions.private.json with different options. If you have registries with the same URL and query defined in both places, the one from the workspace will override the one from your settings.

You may also want to check out the win-ca extension to see if that can help.
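
The override rule described in the last comment can be checked mechanically. The following is an added example, not code from the extension or from anyone in this thread: it takes the registry entries from user settings and from a workspace file, reports entries the workspace copy overrides with different options, and flags every effective entry that turns certificate verification off. The function names, the key normalisation, and the second sample registry are assumptions made for illustration.

```javascript
// Added example (hypothetical helper names; sample data is constructed).
// Assumption: two entries are "the same registry" when URL and query match.
function registryKey(entry) {
  const url = String(entry.registry || '').replace(/\/+$/, '');
  const query = [].concat(entry.query || []).join(' ');
  return `${url}|${query}`;
}

function auditRegistries(userEntries, workspaceEntries) {
  const findings = [];
  const user = new Map(userEntries.map((e) => [registryKey(e), e]));
  const effective = new Map(user);
  for (const ws of workspaceEntries) {
    const key = registryKey(ws);
    const shadowed = user.get(key);
    if (shadowed) {
      // Report every option whose value differs between the two copies.
      const keys = new Set([...Object.keys(shadowed), ...Object.keys(ws)]);
      const differing = [...keys]
        .filter((k) => JSON.stringify(shadowed[k]) !== JSON.stringify(ws[k]))
        .sort();
      if (differing.length > 0) {
        findings.push({ type: 'overridden', registry: ws.registry, differing });
      }
    }
    effective.set(key, ws); // the workspace entry wins, as stated in the thread
  }
  // Any effective entry with strict-ssl false skips certificate verification.
  for (const entry of effective.values()) {
    if (entry['strict-ssl'] === false) {
      findings.push({ type: 'tls-verification-disabled', registry: entry.registry });
    }
  }
  return findings;
}

// Constructed sample input: the registry from the issue plus a made-up one.
const SAMPLE_USER = [{ name: 'My Private Marketplace',
  registry: 'https://some.domain.name/npm/vsix-only-packages/', 'strict-ssl': false }];
const SAMPLE_WORKSPACE = [
  { name: 'My Private Marketplace',
    registry: 'https://some.domain.name/npm/vsix-only-packages/' },
  { name: 'Other', registry: 'https://registry.example.test/npm/', 'strict-ssl': false },
];

console.log(auditRegistries(SAMPLE_USER, SAMPLE_WORKSPACE));
```

With the sample input, the first finding shows that the workspace copy silently drops the strict-ssl setting from user settings, and the second lists a registry that is fetched without certificate verification.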