search

microsoft / vscode-remote-release

Visual Studio Code Remote Development: Open any folder in WSL, in a Docker container, or on a remote machine using SSH and take advantage of VS Code's full feature set.
https://aka.ms/vscode-remote
Other
3.61k stars 275 forks source link

please expose `--no-check-certificate` to wslDownload.sh #4444

Open btmurrell opened 3 years ago

btmurrell commented 3 years ago

Behind a corporate firewall, while starting code from a WSL terminal, it was trying vs code was attempting to download the latest vscode-server-linux to my system, but it failed with the following message:

ERROR: cannot verify az764295.vo.msecnd.net's certificate, issued by ‘C=US,ST=CT,L=Fairfield,OU=XX Corporate IT,O=Vandalay Industries,CN=XX External Issuing CA 202102082100’:
  Unable to locally verify the issuer's authority.
To connect to az764295.vo.msecnd.net insecurely, use `--no-check-certificate'.
ERROR: Failed to download https://update.code.visualstudio.com/commit:ea3859d4ba2f3e577a159bc91e3074c5d85c0523/server-linux-x64/stable to /home/merl/.vscode-server/bin/ea3859d4ba2f3e577a159bc91e3074c5d85c0523-1612821048.tar.gz
Please install missing certificates.

There is, however, no way to know where one might pass --no-check-certificate. Sniffing revealed that the script in the Windows user home directory .vscode\extensions\ms-vscode-remote.remote-wsl-0.52.0\scripts\wslDownloadl.sh is the one calling wget.

I know this download is chained from the code script itself, so it arguably does not make sense to expose the --no-check-certificate to the code command. So, one proposal might be to have that script read the vscode settings file for http.proxyStrictSSL. If set to false, it should provide --no-check-certificate to wget. I know I'm proposing solutions to you, but getting into that script and hard-coding the recommended flag solved my problem.

As a workaround for others, the editing the script as identified above might get you going. standard disclaimer, ymmv.

markbosshard commented 3 years ago

We are a Swiss corporation who would also be highly interested in exposing the variable as suggested above, would be a very easy-to-solve but helpful solution.

seanrjohnson commented 1 year ago

Ran into this issue today. Would be great to expose --no-check-certificate somehow.

Joshua-rose commented 1 year ago

Still running into this error. Work around is to run echo "check_certificate = off" >> ~/.wgetrc see https://superuser.com/a/1045163

tolgabalci commented 8 months ago

This is still an issue. For users, not an expert in Linux, VSCode makes it very easy to launch from WSL by just typing "code ."

Except for many corporate users it just doesn't work and you receive a message that states:

To connect to update.code.visualstudio.com insecurely, use --no-check-certificate

and it also states:

Please install missing certificates.
Debian/Ubuntu:  sudo apt-get install ca-certificates

Except there doesn't seem to be a good way to use the first option and the second option does not resolve the issue. Not only does the command which should make VSCode easy to use from WSL not working, it is daunting you with solutions that either cannot be used or do not work. I think this is a horrible experience, especially for a newcomer.

I would recommend at least finding a way for VSCode to detect the issue and show better options to the users. Possibly what @Joshua-rose recommended, which does work:

echo "check_certificate = off" >> ~/.wgetrc

SangTruongTan commented 3 months ago

Still running into this error. Work around is to run echo "check_certificate = off" >> ~/.wgetrc see https://superuser.com/a/1045163

It completely solves my problem in a beautiful manner. Thanks.