Closed WSF-SEO-AM closed 3 weeks ago
If you set "debug": true
in Package Control settings, what is printed to console, when trying to install packages. Are there any certificate validation related issues or something along those lines?
Package Control relies on
In each case https://github.com/wbond/package_control/issues/1674#issuecomment-2117864576 applies.
Thanks. Is there any particular order on how certificate files should be appended? Is Sublime required to be restarted?
Order doesn't matter.
Modified Package Control.user-ca-bundle should get picked up each time PC detects it is newer than the auto generated merged CA bundle.
PC caches results and won't reach out to servers for meta data, once they are downloaded successfully. In that case restart may be required to force new downloads. But as long as those fail, updated CA bundles should be picked up.
But actually, you are better off adding additional CA bundles to your OS's cert store anyway. Otherwise other apps may also fail establishing trusted TLS connections with host name verification.
Package Control 4 actually uses openssl's default mechanisms to load default root certificate bundles via load_default_certs(() method on python 3.8 and additionally loads user CA bundle afterwards.
The mechanism has been tested locally on Windows and Linux as well via Github Actions for all platforms, successfully.
If a misconfiguration or external security appliance is blocking required operations to establish a trustworthy connection, there's nothing which can be done by a client like Package Control.
Apparently upon supplying the ZScaler certificate in the bundle file, the issue was resolved. It didn't work at first, but I can only assuming I was using the wrong file at this stage. We can close the issue.
On our end we are using Zscaler, and apparently some changes occurred and I can't install anymore packages. Although I have created a bundle file collating three different certificate public keys, I keep receiving the same error message and no packages installed.
Can you please provide some support?