Written by

Senior Integration Specialist at EskoSystems
Question Kari Vatjus-Anttila · Apr 6, 2022

VSCode & ObjectScript extension: Trusting self-signed certificates

Hello,

Recently I have been tinkering with VSCode and ObjectScript extension to connect to my dockerized IRIS instance. I have configured the instance to use Apache as a Web Gateway as per instructions and it has been working well. Currently I'm using a self-signed certificate for the SSL part of the connection. The browser nags about insecure certs when connecting to Management Portal but that's expected. 

However when I try to connect to the instance with VSCode it simply fails with the following error message

Invoking the Atelier API with a REST Client (Insecure = true) the API responds 200 OK with a bunch of JSON about the instance.

I tried to look through the extension settings but can't find any setting that could declare a specific connection insecure. Is there a possibility to tell the extension to not verify SSL certs for a given server connection? Surely others have encountered this error before and there is a trivial solution for this but I can't seem to find it.

Any ideas how to solve this?

Thanks,
Kari

Comments

John Murray · Apr 6, 2022

Does it make a difference if you add this setting?

    "http.proxyStrictSSL": false

Kari Vatjus-Anttila · Apr 6, 2022 to John Murray

Nope, does not make any difference. I checked out the extensions code and I suspect (I might be wrong) that the issue is here:

https://github.com/intersystems-community/vscode-objectscript/blob/mast… Line 289

    const agent = new http.Agent({
      keepAlive: true,
      maxSockets: 10,
      rejectUnauthorized: https && config("http.proxyStrictSSL"),
    });

rejectUnauthorized is going to be true if the scheme is using HTTPS (which I am). If that is the issue, it would be great if this parameter could be overwritten with some general setting provided by the extension for example "Allow Insecure connections".

John Murray  Apr 6, 2022 to Kari Vatjus-Anttila

Hmm, looks like the code gets that setting from the "objectscript" settings object. So please try this in your JSON:

    "objectscript.http.proxyStrictSSL": false

Ignore the hover about it being an unknown setting.
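
Why the first suggested setting had no effect while the second one did, as an added example that is not part of the thread or the extension's code. It is a simplified model: `scopedGet`, `agentOptions`, `verifiesCertificate`, `report` and the host name are hypothetical, and the settings lookup is assumed to be a flat key lookup in settings.json.

```javascript
"use strict";

// Hypothetical stand-in for a section-scoped settings lookup over a flat
// settings.json object: section "objectscript" + key "http.proxyStrictSSL"
// resolves to the entry "objectscript.http.proxyStrictSSL".
function scopedGet(settings, section, key) {
  const name = section ? `${section}.${key}` : key;
  return settings[name]; // undefined when that exact name was never set
}

// Same expression as the quoted line, with the lookup scope made explicit.
function agentOptions(settings, url, section) {
  const https = new URL(url).protocol === "https:";
  return {
    keepAlive: true,
    maxSockets: 10,
    rejectUnauthorized: https && scopedGet(settings, section, "http.proxyStrictSSL"),
  };
}

// Node.js verifies the server certificate unless the option is exactly
// false, so an undefined lookup result still means "verify".
function verifiesCertificate(options) {
  return options.rejectUnauthorized !== false;
}

// Constructed inputs: settings.json states like the ones tried in the thread.
const SERVER = "https://iris.example.test/api/atelier/"; // constructed host
const cases = {
  globalOnly: { "http.proxyStrictSSL": false },
  scopedOnly: { "objectscript.http.proxyStrictSSL": false },
  nothingSet: {},
};

// For each settings state, report whether the certificate is still verified.
function report(section) {
  const out = {};
  for (const [name, settings] of Object.entries(cases)) {
    out[name] = verifiesCertificate(agentOptions(settings, SERVER, section));
  }
  return out;
}

console.log("lookup scoped to 'objectscript':", report("objectscript"));
console.log("lookup of the regular setting:  ", report(""));
```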

Brett Saviano  Apr 6, 2022 to John Murray

We should re-write that line to use the regular http.proxyStrictSSL setting. The Language Server uses that setting in 2.0.1

EDIT: I opened PR #919 for this issue

Kari Vatjus-Anttila  Apr 6, 2022 to John Murray

That works! I must admit, I was a bit perplexed as to why setting "http.proxyStrictSSL" to true didn't have any effect, but the property you suggested made the difference.

Like Brett said, maybe somebody should re-write the line so it doesn't cause any further confusion among users :)

Cheers and thanks for the quick help yet again!

Brett Saviano  Apr 6, 2022 to Kari Vatjus-Anttila

@Kari.Vatjus-Anttila5072 
Can you please download and install the version of the extension found here and check if that fixes the issue? To install it you can drag it from your downloads folder into the extensions view in your VS Code window.

Kari Vatjus-Anttila  Apr 6, 2022 to Brett Saviano

That was fast!

I downloaded the extension and tested it. It works. 

I removed the objectscript.http.proxyStrictSSL property and set proxyStrictSSL to true -> connection failed as expected: VSCode notified that the server is using a self-signed cert. Next, I set proxyStrictSSL to false and tried to reconnect -> connection ok and VSCode prompted me to choose the namespace I want.

Thank you for your effort, it seems like your change works as expected.

//Kari

Brett Saviano  Apr 6, 2022 to Kari Vatjus-Anttila

That's great! Happy to help

Mario Sanchez Macias · Jun 24, 2024

I am having this same problem and I am using the latest extension. 

I added the 

    "http.proxyStrictSSL": false

to the User settings.json, which is the same as

But still getting the error: 
 

Check your server details in Settings (vgorillaaws[VGORILLA]).

request to https://ec2-x.x.x.x.us-east-2.compute.amazonaws.com/api/atelier/ failed, reason: self signed certificate

I am using [2.5.0] - 2024-05-02 InterSystems Language Server

Brett Saviano  Jun 24, 2024 to Mario Sanchez Macias

@Mario.Sanchez-Macias 
Please see this page in our documentation for how to use a self-signed certificate.

Mario Sanchez Macias  Jul 29, 2024 to Brett Saviano

Thanks! 

Adding the self-signed certificate to the operating System's root certificates (in my case, the Mac keychain under System) worked.

Once the certificate was added, I didn't need to set http.proxyStrictSSL to false.
