search

microsoft / live-share

Real-time collaborative development from the comfort of your favorite tools
http://aka.ms/vsls
Creative Commons Attribution 4.0 International
2.28k stars 253 forks source link

[VS Code] Starting collaboration session: Could not connect to the server. HTTPS connection failed, verify there are no self-signed certificates or custom cert validation policies blocking Live Share. #2216

Closed maxie7 closed 5 years ago

maxie7 commented 5 years ago

LiveShareLogs.zip

%0A%0A%23%23 Error:%0AStarting collaboration session: Could not connect to the server. HTTPS connection failed, verify there are no self-signed certificates or custom cert validation policies blocking Live Share.%0A%0A%23%23 Steps to Reproduce:%0A1.%0A2.%0A%0A||Version Data|%0A|-:|:-|%0A|**extensionName**|VSLS|%0A|**extensionVersion**|1.0.337|%0A|**protocolVersion**|2.2|%0A|**applicationName**|VSCode|%0A|**applicationVersion**|1.35.0|%0A|**platformName**|Linux|%0A|**platformVersion**|4.19.0-5-amd64|
Priya91 commented 5 years ago

@maxie7 From your logs

Connecting to <https://prod.liveshare.vsengsaas.visualstudio.com/3f898b5d> via proxy failed with exception System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> System.TypeInitializationException: The type initializer for 'SslMethods' threw an exception. ---> System.TypeInitializationException: The type initializer for 'Ssl' threw an exception. ---> System.TypeInitializationException: The type initializer for 'SslInitializer' threw an exception. ---> Interop+Crypto+OpenSslCryptographicException: error:0E076071:configuration file routines:MODULE_RUN:unknown module name
   at Interop.SslInitializer..cctor()
   --- End of inner exception stack trace ---
   at Interop.Ssl..cctor()
   --- End of inner exception stack trace ---
   at Interop.Ssl.SslV2_3Method()
   at Interop.Ssl.SslMethods..cctor()
   --- End of inner exception stack trace ---
   at Interop.OpenSsl.AllocateSslContext(SslProtocols protocols, SafeX509Handle certHandle, SafeEvpPKeyHandle certKeyHandle, EncryptionPolicy policy, SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SafeDeleteSslContext..ctor(SafeFreeSslCredentials credential, SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, SecurityBuffer inputBuffer, SecurityBuffer outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
   --- End of inner exception stack trace ---
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.BeginAuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken, AsyncCallback asyncCallback, Object asyncState)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__47_0(SslClientAuthenticationOptions arg1, CancellationToken arg2, AsyncCallback callback, Object state)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncImpl[TArg1,TArg2](Func`5 beginMethod, Func`2 endFunction, Action`1 endAction, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
   at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
   at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state)
   at System.Net.Security.SslStream.AuthenticateAsClientAsync(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)

What OS or distro version are you on?

maxie7 commented 5 years ago

Debian GNU/Linux 10 (buster), and just in case -- OpenSSL 1.1.1b because of

at System.Net.Security.SslStream.AuthenticateAsClientAsync(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken)

Priya91 commented 5 years ago

This is a .NET Core bug, maybe a compatibility issue with the OS native pointer references in .NET Core. I've filed the bug here: https://github.com/dotnet/corefx/issues/38467

Priya91 commented 5 years ago

@maxie7 From the Debian releases, buster is not yet released

https://www.debian.org/releases/

If there's a change to the native modules in that release, .NET Core will likely release an update after the distro gets stable.

Priya91 commented 5 years ago

As per .NET Core team, the 3 solutions to enable loading the right openssl version:

The three solutions:

1) Comment out the ssl_conf value in /etc/ssl/openssl.cnf 2) Uninstall OpenSSL 1.0.x 3) Set CLR_OPENSSL_VERSION_OVERRIDE=1.1 to force OpenSSL 1.1 to be used. (2.1 prefers binding to OpenSSL 1.0.x because that's what it shipped with... it only uses 1.1 if explicitly told to, or if 1.0 isn't available)

maxie7 commented 5 years ago

Now It works!!! Thank you!!!

DavidS commented 5 years ago

For the record, I still had a libssl1.0.2 hanging around that nobody needed. Purging that resolved my problem.

matheusfrancisco commented 5 years ago

For the record, I still had a libssl1.0.2 hanging around that nobody needed. Purging that resolved my problem.

Solve my problem thx

apt purge libssl1.0.2:amd64

but maybe some people need to install 

apt install libssl1.1

My OS is debian 10

dnzxy commented 4 years ago

@Priya91 Tried aforementioned steps, still have the same error:

Starting collaboration session: Could not connect to the server. HTTPS connection failed, verify there are no self-signed certificates or custom cert validation policies blocking Live Share.

Under etc/ssl/openssl.cnf there is no such property ssl_conf (also no openssl_conf respectively). The currently installed version on my system is OpenSSL 1.1.1

Also worth mentioning that there is no such lib (libsssl1.0.2) still hanging around as mentioned in another comment.

I'm trying to sign in using a VS Code Remote-WSL, my dist is Ubuntu 18.04.

Any ideas? Thx in advance!

nicolasdossantos commented 4 years ago

@Priya91 Experiencing the same problem as @dnzxy on MacOS Catalina

dnzxy commented 4 years ago

@Priya91 Any response or help would be very much appreciated, it's been almost a month.

ahtabrizi commented 3 years ago

@dnzxy I had the same problem as you on Ubuntu 16.04 using vscode liveshare. I just downgraded to Openssl 1.0.2 from 1.1.1 and now it works. I had updated openssl to 1.1.1 before (using this), so I thought reverting back to original apt installation would work. So I uninstalled 1.1.1 using make uninstall. and installed 1.02 using apt-get install openssl. Now LiveShare can authenticate and start collaboration successfully.

maxie7 commented 3 years ago

@ahtabrizi, I wouldn't advise to downgrade openssl because it has a lot of vulnerabilities and some of them are severe >> https://www.cvedetails.com/vulnerability-list/vendor_id-217/product_id-383/version_id-180641/Openssl-Openssl-1.0.2.html This is responsibility of VS Code Team, it is better not to use it yet, because it is like flying on a plane with one wing

dnzxy commented 3 years ago

@ahtabrizi thanks for your comment and idea – but i must strongly agree with @maxie7, i will not be downgrading (i can't due to company policy actually) the openssl version and i see the issue's responsibility with the vs code team / microsoft. been over 3 months now, i hope that since the issue has been re-opened this month there will be somewhat of a solution or at least reaction from anyone.

ahtabrizi commented 3 years ago

@dnzxy @maxie7 I agree with you guys, downgrading OpenSSL may have severe security repercussions. But I was so desperate to make it work, I managed to find this workaround. Hope it helps the vscode team to pinpoint the problem and fix it asap. On the other hand, the default apt installation of OpenSSL is still outdated on ubuntu16, they should update it but since this year is the last year of the support for ubuntu16, it seems unlikely to happen.

bughaver commented 3 years ago

Getting this error on macos, anyone have a solution to ignore ssl errors? I'm behind a proxy.

mcauto commented 2 years ago

same here. I use WSL2 and Ubuntu20.04

image

image

alvarlagerlof commented 2 years ago

I've not had this issue once since it was created, but recently I can't start live share either. Fedora 36.