microsoft / vscode

Visual Studio Code
https://code.visualstudio.com
MIT License

Version 1.85 SSL certificate feature breaks all extensions #200772

Closed anthonyma94 closed 10 months ago

anthonyma94 commented 10 months ago

Does this issue occur when all extensions are disabled?: Yes

VS Code 1.85 introduced an SSL certificate loading feature for remote development. Unfortunately I couldn't get it to work. In fact, it breaks all extensions within WSL remote development, and my dev containers (loaded via WSL) are unable to even open (fails on Downloading VS Code Server... unable to get local issuer certificate).

We use ZScaler services, and I have the certificate copied into WSL and installed via update-ca-certificates. I also have it installed on the Windows side. NODE_EXTRA_CA_CERTS is added to both Windows and WSL (via /etc/environment).

vscodenpa commented 10 months ago

Thanks for creating this issue! It looks like you may be using an old version of VS Code, the latest stable release is 1.85.1. Please try upgrading to the latest version and checking whether this issue remains.

Happy Coding!

anthonyma94 commented 10 months ago

I have since tried out the issue with the Insiders build (1.86), same issue.

WangQvQ commented 10 months ago

How can this problem be solved? Is there any good solution?

chrmarti commented 10 months ago

Could you install the Network Proxy Test extension (https://marketplace.visualstudio.com/items?itemName=chrmarti.network-proxy-test) and check the output of F1 > Network Proxy Test: Test Connection in VS Code?

Make sure you are using a local window when doing so. (Not a window connected to WSL or a devcontainer.) This should tell us more about why the server download suddenly is failing.

If you cannot install the extension through the Extensions viewlet in VS Code, you can use the Download Extension link on the above linked page and then install the downloaded VSIX with F1 > Extensions: Install VSIX....

vscodenpa commented 10 months ago

This issue has been closed automatically because it needs more information and has not had recent activity. See also our issue reporting guidelines.

Happy Coding!

anthonyma94 commented 10 months ago

@chrmarti Sorry for the late reply. I did both Google and example.com; both came back 200.

Note: Make sure to replace all sensitive information with dummy values before sharing this output.

VS Code 1.86.0-insider (f87fb292c3af22e51a7f5c628496cd8d6fd9ecd5)
Network Proxy Test 0.0.8
win32 10.0.19045 x64

Settings:
- http.proxy: 
- http.proxyAuthorization: null
- http.proxyStrictSSL: false
  - globalValue: false
- http.proxySupport: off
  - globalValue: off
- http.systemCertificates: true

Environment variables:

Sending GET request to https://www.google.com...
Received response:
- Status: 200 OK
Certificate chain:
- Subject: www.google.com
  Subject alt: DNS:www.google.com
  Validity: Nov 20 08:09:47 2023 GMT - Feb 12 08:09:46 2024 GMT
  Fingerprint: 50:3E:DA:12:EC:7F:39:A5:E9:4F:16:D7:D6:AA:BF:45:15:44:7F:E9
- Subject: GTS CA 1C3 (Google Trust Services LLC)
  Validity: Aug 13 00:00:42 2020 GMT - Sep 30 00:00:42 2027 GMT
  Fingerprint: 1E:7E:F6:47:CB:A1:50:28:1C:60:89:72:57:10:28:78:C4:BD:8C:DC
- Subject: GTS Root R1 (Google Trust Services LLC)
  Validity: Jun 19 00:00:42 2020 GMT - Jan 28 00:00:42 2028 GMT
  Fingerprint: 08:74:54:87:E8:91:C1:9E:30:78:C1:F2:A0:7E:45:29:50:EF:36:F6
- Subject: GlobalSign Root CA (GlobalSign nv-sa)
  Validity: Sep  1 12:00:00 1998 GMT - Jan 28 12:00:00 2028 GMT
  Fingerprint: B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
  Self-signed
Local root certificates:
- Subject: C=BE O=GlobalSign nv-sa OU=Root CA CN=GlobalSign Root CA
  Validity: Sep  1 12:00:00 1998 GMT - Jan 28 12:00:00 2028 GMT
  Fingerprint: B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
  Issuer: C=BE O=GlobalSign nv-sa OU=Root CA CN=GlobalSign Root CA

Note: Make sure to replace all sensitive information with dummy values before sharing this output.

VS Code 1.86.0-insider (f87fb292c3af22e51a7f5c628496cd8d6fd9ecd5)
Network Proxy Test 0.0.8
win32 10.0.19045 x64

Settings:
- http.proxy: 
- http.proxyAuthorization: null
- http.proxyStrictSSL: false
  - globalValue: false
- http.proxySupport: off
  - globalValue: off
- http.systemCertificates: true

Environment variables:

Sending GET request to https://example.com...
Received response:
- Status: 200 OK
Certificate chain:
- Subject: www.example.org (Internet Corporation for Assigned Names and Numbers)
  Subject alt: DNS:www.example.org, DNS:example.net, DNS:example.edu, DNS:example.com, DNS:example.org, DNS:www.example.com, DNS:www.example.edu, DNS:www.example.net
  Validity: Jan 13 00:00:00 2023 GMT - Feb 13 23:59:59 2024 GMT
  Fingerprint: F2:AA:D7:3D:32:68:3B:71:6D:2A:7D:61:B5:1C:6D:57:64:AB:38:99
- Subject: DigiCert TLS RSA SHA256 2020 CA1 (DigiCert Inc)
  Validity: Apr 14 00:00:00 2021 GMT - Apr 13 23:59:59 2031 GMT
  Fingerprint: 1C:58:A3:A8:51:8E:87:59:BF:07:5B:76:B7:50:D4:F2:DF:26:4F:CD
- Subject: DigiCert Global Root CA (DigiCert Inc)
  Validity: Nov 10 00:00:00 2006 GMT - Nov 10 00:00:00 2031 GMT
  Fingerprint: A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
  Self-signed
Local root certificates:
- Subject: C=US O=DigiCert Inc OU=www.digicert.com CN=DigiCert Global Root CA
  Validity: Nov 10 00:00:00 2006 GMT - Nov 10 00:00:00 2031 GMT
  Fingerprint: A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
  Issuer: C=US O=DigiCert Inc OU=www.digicert.com CN=DigiCert Global Root CA
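
An added example, not part of the original thread and not code from VS Code or the Network Proxy Test extension: a Node.js script that parses a report in the format posted above and checks whether any certificate in the served chain matches a local root by fingerprint. The function names, verdict labels and the two sample reports are assumptions constructed for illustration.

```javascript
// Added example; not code from VS Code or the Network Proxy Test extension.
// The report layout is assumed from the output posted in this thread.
function parseReport(text) {
  const report = { status: null, chain: [], localRoots: [] };
  let section = null, cert = null, m;
  for (const line of text.split(/\r?\n/)) {
    if ((m = /^- Status: (\d{3})/.exec(line))) report.status = Number(m[1]);
    else if (line.startsWith('Certificate chain:')) { section = report.chain; cert = null; }
    else if (line.startsWith('Local root certificates:')) { section = report.localRoots; cert = null; }
    else if (section && (m = /^- Subject: (.+)$/.exec(line))) {
      cert = { subject: m[1].trim(), fingerprint: null, selfSigned: false };
      section.push(cert);
    } else if (cert && (m = /^\s+Fingerprint: ([0-9A-Fa-f:]+)/.exec(line))) cert.fingerprint = m[1].toUpperCase();
    else if (cert && /^\s+Self-signed\s*$/.test(line)) cert.selfSigned = true;
  }
  return report;
}

// Classify the served chain: anchored in a local root, ending in a root the
// local store does not contain, or missing its root entirely.
function assessTrust(report) {
  const top = report.chain[report.chain.length - 1];
  if (!top) return { verdict: 'no-chain', subject: null };
  const local = new Set(report.localRoots.map(r => r.fingerprint).filter(Boolean));
  const anchor = report.chain.find(c => local.has(c.fingerprint));
  if (anchor) return { verdict: 'anchored', subject: anchor.subject };
  return { verdict: top.selfSigned ? 'untrusted-root' : 'incomplete-chain', subject: top.subject };
}

// Constructed reports; subjects and fingerprints are placeholders.
const ANCHORED = [
  '- Status: 200 OK', 'Certificate chain:',
  '- Subject: host.example', '  Fingerprint: 00:11:22:33',
  '- Subject: Example Public Root', '  Fingerprint: aa:bb:cc:dd', '  Self-signed',
  'Local root certificates:',
  '- Subject: CN=Example Public Root', '  Fingerprint: AA:BB:CC:DD',
].join('\n');
const UNTRUSTED = [
  'Certificate chain:',
  '- Subject: host.example', '  Fingerprint: 00:11:22:33',
  '- Subject: Example Inspection Root CA', '  Fingerprint: 12:34:56:78', '  Self-signed',
  'Local root certificates:',
].join('\n');

for (const [name, text] of [['anchored', ANCHORED], ['untrusted', UNTRUSTED]]) {
  console.log(name, assessTrust(parseReport(text)));
}
```

A verdict of incomplete-chain (no self-signed root served and no local match) is the case that typically surfaces in Node.js as "unable to get local issuer certificate", the error quoted in the original report.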