Package search: unable to get local issuer certificate

[ToBoMi]

Thanks in advance for your bug report!

• [X] Have you reproduced issue in safe mode?
• [x] Have you used the debugging guide to try to resolve the issue?
• [x] Have you checked our FAQs to make sure your question isn't answered there?
• [X] Have you checked to make sure your issue does not already exist?
• [X] Have you checked you are on the latest release of Pulsar?

What happened?

The package search in pulsar cannot find packages because of missing certificates. Error is: unable to get local issuer certificate

I am in a corporate network and there are special (self-signed?) certificates.

Downloading and installing packages works by passing NODE_EXTRA_CA_CERTS as environmental variable to pulsar (more on this here. While this solves the package downloading issue it does not solve the searching issue - should it?

Pulsar version

1.114.2024031604

Which OS does this happen on?

🪟 Windows

OS details

Version 10

Which CPU architecture are you running this on?

x86_64/AMD64

What steps are needed to reproduce this?

Doesn't make sense, since I don't know how the corporate network was created in detail.

Additional Information:

First install ever for me, user installation

[confused-Techie]

Thanks for reporting this issue.

I'd highly recommend taking a look at the proxy PPM setup to see if you can apply it to your setup. As that's commonly what's required on a enterprise network setup like that.

[ToBoMi]

I did already. It suggests to set SSL to false and setup proxy settings.

Proxy

I played with various proxy server settings, which doen't make sense here - since there is no proxy in between. The proxy script sould™ return DIRECT because for the URL of pulsar packages no proxy is in that script.

SSL

I can disable strict-ssl and it has an effect on the installation of packages, but not on the search. Disabling SSL makes me able to install the suggested packages without telling pulsar (ppm more precisely) where to find certificates. Enabling SSL and telling pulsar (ppm) where to find certificates and I can even install the suggested packages with SSL enabled.

Searching for packages that I would like to install is unaffected by all these settings. That is why I reach out to the devs. It seems certificate handling is different for package installation and package search.

[ToBoMi]

Can I somehow find out what is going on here? Are there logs? The developer tools (console) do not show anything when starting the search.

[confused-Techie]

Sorry for lag, I've been trying to do some investigation on our end.

But here's some further details that might be helpful in troubleshooting.

When you install a package, the request is being made directly to GitHub to download the source code of the package. So it seems that GitHub is able to work with your corporate proxy settings.

Meanwhile when you search for packages that's only hitting the PPR (Pulsar Package Repository) which is hosted in GCP, which doesn't seem to like the corporate proxy settings.

As for logging, yeah the request itself is made by the CLI utility PPM, not the actual Pulsar application, that's why DevTools doesn't show anything useful. By running PPM in the command line you may be able to get more errors detailing what's going wrong.

Otherwise if we could coordinate like privately messaging on Discord, or if you could let me be aware of a unique search that you could make, such as your username, I could then try to check the logs on our end to see if I can find out any more.

[ToBoMi]

Meanwhile when you search for packages that's only hitting the PPR (Pulsar Package Repository) which is hosted in GCP, which doesn't seem to like the corporate proxy settings.

I think that the certificate error is not a problem in general with the URL of the PPR because ...

By running PPM in the command line you may be able to get more errors detailing what's going wrong.

in the cmd (Windows) I can search using ppm even without setting the certificates through NODE_EXTRA_CA_CERTS (makes sense here, since ppm is not a Node app I think) :

When I start Pulsar from that cmd and search for packages - which in turn should start ppm - it is unable to find packages: unable to get local issuer certificate - certificate problem or in other words: doesn't find the needed certificates.

Summary

I think Pulsar is getting certificates through NODE_EXTRA_CA_CERTS and because of that it can install things directly when the package is listed (didn't know that it uses github directly instead of ppm before) - that's what was already known.

Why does the search which is started from Pulsar UI - through ppm - not finding the certificates although it works thourgh ppm in general through the command line?

[yodatak]

If people want workaround, for windows in powershell in runtime

$env:NODE_TLS_REJECT_UNAUTHORIZED = 0

or Add environement variable in windows

NODE_TLS_REJECT_UNAUTHORIZED and value 0

lets hope it get fix someday