Unable to access api.pulsar-edit.dev on corporate network: "self signed certificate in certificate chain"

[wesinator]

Thanks in advance for your bug report!

• [X] Have you reproduced issue in safe mode?
• [X] Have you used the debugging guide to try to resolve the issue?
• [X] Have you checked our FAQs to make sure your question isn't answered there?
• [X] Have you checked to make sure your issue does not already exist?
• [X] Have you checked you are on the latest release of Pulsar?

What happened?

If the device is connected to a corporate network that uses an org signed intermediate certificate for all network traffic, the client gives fetch errors on https://api.pulsar-edit.dev which prevents any packages from being installable in this scenario.

Pulsar version

v1.121.0

Which OS does this happen on?

🍎 macOS

OS details

14.7

Which CPU architecture are you running this on?

Apple M-series

What steps are needed to reproduce this?

1. system network config that uses a intermediate TLS certificate, like enterprise orgs or certain wifi networks.
2. Settings - Packages - search for a package to install, or click install on a recommended package.

$ cat /Users/user/.pulsar/.apm/_logs/2024-10-18T00_00_00_004Z-debug.log

0 info it worked if it ends with ok

1 verbose cli [

1 verbose cli   '/Applications/Pulsar.app/Contents/Resources/app/ppm/bin/node',

1 verbose cli   '/Applications/Pulsar.app/Contents/Resources/app/ppm/node_modules/npm/bin/npm-cli.js',

1 verbose cli   '--globalconfig',

1 verbose cli   '/Users/user/.pulsar/.apm/.apmrc',

1 verbose cli   '--userconfig',

1 verbose cli   '/Users/user/.pulsar/.apmrc',

1 verbose cli   'install',

1 verbose cli   'https://api.pulsar-edit.dev/api/packages/atom-clock/versions/0.1.18/tarball',

1 verbose cli   '--target=12.2.3',

1 verbose cli   '--disturl=https://artifacts.electronjs.org/headers/dist',

1 verbose cli   '--arch=arm64',

1 verbose cli   '--force-process-config',

1 verbose cli   '--global-style'

1 verbose cli ]

2 info using npm@6.14.19-pulsar1-1

3 info using node@v16.0.0

4 verbose npm-session b7d622faf239339b

5 silly install loadCurrentTree

6 silly install readLocalPackageData

7 silly fetchPackageMetaData error for https://api.pulsar-edit.dev/api/packages/atom-clock/versions/0.1.18/tarball request to https://api.pulsar-edit.dev/api/packages/atom-clock/versions/0.1.18/tarball failed, reason: self signed certificate in certificate chain

8 timing stage:rollbackFailedOptional Completed in 0ms

9 timing stage:runTopLevelLifecycles Completed in 108ms

10 verbose type system

11 verbose stack FetchError: request to https://api.pulsar-edit.dev/api/packages/atom-clock/versions/0.1.18/tarball failed, reason: self signed certificate in certificate chain

11 verbose stack     at ClientRequest.<anonymous> (/Applications/Pulsar.app/Contents/Resources/app/ppm/node_modules/npm/node_modules/node-fetch-npm/src/index.js:68:14)

11 verbose stack     at ClientRequest.emit (node:events:365:28)

11 verbose stack     at TLSSocket.socketErrorListener (node:_http_client:447:9)

11 verbose stack     at TLSSocket.emit (node:events:365:28)

11 verbose stack     at emitErrorNT (node:internal/streams/destroy:193:8)

11 verbose stack     at emitErrorCloseNT (node:internal/streams/destroy:158:3)

11 verbose stack     at processTicksAndRejections (node:internal/process/task_queues:83:21)

12 verbose cwd /private/var/folders/cn/5cbchh117_913978zdc_64snkmnjdk/T/apm-install-dir-2024918-82055-1d4iizg.8vvm

13 verbose Darwin 23.6.0

14 verbose argv "/Applications/Pulsar.app/Contents/Resources/app/ppm/bin/node" "/Applications/Pulsar.app/Contents/Resources/app/ppm/node_modules/npm/bin/npm-cli.js" "--globalconfig" "/Users/user/.pulsar/.apm/.apmrc" "--userconfig" "/Users/user/.pulsar/.apmrc" "install" "https://api.pulsar-edit.dev/api/packages/atom-clock/versions/0.1.18/tarball" "--target=12.2.3" "--disturl=https://artifacts.electronjs.org/headers/dist" "--arch=arm64" "--force-process-config" "--global-style"

15 verbose node v16.0.0

16 verbose npm  v6.14.19-pulsar1-1

17 error code SELF_SIGNED_CERT_IN_CHAIN

18 error errno SELF_SIGNED_CERT_IN_CHAIN

19 error request to https://api.pulsar-edit.dev/api/packages/atom-clock/versions/0.1.18/tarball failed, reason: self signed certificate in certificate chain

20 verbose exit [ 1, true ]

Additional Information:

several issues were reported in Atom https://github.com/atom/atom/issues/16964 https://github.com/atom/atom/issues/8465

I tried https://github.com/atom/apm/issues/340#issuecomment-438212048 $ NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt pulsar after copying the top-level org CA cert, and this didn't work.

there is this package designed for "adding extra certificates to Atom's trust store" https://github.com/nikitakit/cert-tweaks . I don't know if this still works in the latest version of Pulsar

I realise this may be considerd an edge case requiring customisation and not a bug in pulsar itself.

[savetheclocktower]

The good news is that any package can be installed directly from GitHub — just use owner/repo-name syntax:

ppm install b3by/atom-clock

This should do the right thing in most circumstances, and will even detect when updates are available if new commits are pushed to master or main. Not ideal, but at least a workaround for now.