search

wbond / package_control

The Sublime Text package manager
https://packagecontrol.io
4.77k stars 816 forks source link

SSL issue #1674

Closed keremtitiz closed 3 weeks ago

keremtitiz commented 1 month ago

Hi I installed package control for Sublime 4. But when I try to browse the packages, an error occurs.

Package control console shows the following errors,

reloading plugin Package Control.plugin
plugins loaded
Package Control: Error downloading channel. URL error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1131) downloading https://packagecontrol.github.io/channel/channel_v4.json.
Package Control: Error downloading channel. URL error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1131) downloading https://packagecontrol.io/channel_v3.json.
Package Control: Skipping automatic upgrade, last run at 2024-05-17 15:13:39, next run at 2024-05-17 23:13:39 or after
Package Control: Error downloading channel. URL error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1131) downloading https://packagecontrol.github.io/channel/channel_v4.json.
Package Control: Error downloading channel. URL error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1131) downloading https://packagecontrol.io/channel_v3.json.
Package Control: There are no packages available for installation.
deathaxe commented 1 month ago

The messages say it all: "self signed certificate in certificate chain".

The TLS connection is not trustworthy, because any network transport participant is intercepting encrypted data traffic by decrypting and re-encrypting it using an unverified self-signed certificate.

This may have following reasons:

  1. you are using a SSL proxy
  2. any bad configured network security (antivirus) appliance is involved
  3. you are victim of a man-in-the-middle attack

In case you are connecting to internet through a (known and trusted) SSL proxy or security appliance, you can add its public certificate to PC's trust store to solve the problem by...

  1. opening Command Palette
  2. calling Package Control: User CA bundle

  3. pasting public key to the opened file and safe it.

    The content should look like 

    -----BEGIN CERTIFICATE-----
MIIEejCCA2KgAwIBAgIICKHBJ8mrnl8wDQYJKoZIhvcNAQELBQAwgdoxCzAJBgNV
...
-----END CERTIFICATE-----

Note: Those steps work only for urllib downloader. Any other downloader, especially wininet requires certificates to be installed to OS's native certificate trust store.

Package Control verifies the whole certificate chain for any server it connects to in order to avoid anyone injecting malware. This is not and won't be configurable.

You have to ensure a trustworthy connection can be established.