vscode-remote-release icon indicating copy to clipboard operation
vscode-remote-release copied to clipboard

Published 20 hours ago verified publisher icon microsoft

please expose `--no-check-certificate` to wslDownload.sh

Open btmurrell opened this issue 4 years ago • 5 comments

Behind a corporate firewall, while starting code from a WSL terminal, it was trying vs code was attempting to download the latest vscode-server-linux to my system, but it failed with the following message:

ERROR: cannot verify az764295.vo.msecnd.net's certificate, issued by ‘C=US,ST=CT,L=Fairfield,OU=XX Corporate IT,O=Vandalay Industries,CN=XX External Issuing CA 202102082100’:
  Unable to locally verify the issuer's authority.
To connect to az764295.vo.msecnd.net insecurely, use `--no-check-certificate'.
ERROR: Failed to download https://update.code.visualstudio.com/commit:ea3859d4ba2f3e577a159bc91e3074c5d85c0523/server-linux-x64/stable to /home/merl/.vscode-server/bin/ea3859d4ba2f3e577a159bc91e3074c5d85c0523-1612821048.tar.gz
Please install missing certificates.

There is, however, no way to know where one might pass --no-check-certificate. Sniffing revealed that the script in the Windows user home directory .vscode\extensions\ms-vscode-remote.remote-wsl-0.52.0\scripts\wslDownloadl.sh is the one calling wget.

I know this download is chained from the code script itself, so it arguably does not make sense to expose the --no-check-certificate to the code command. So, one proposal might be to have that script read the vscode settings file for http.proxyStrictSSL. If set to false, it should provide --no-check-certificate to wget. I know I'm proposing solutions to you, but getting into that script and hard-coding the recommended flag solved my problem.

As a workaround for others, the editing the script as identified above might get you going. standard disclaimer, ymmv.

btmurrell avatar Feb 08 '21 23:02 btmurrell

We are a Swiss corporation who would also be highly interested in exposing the variable as suggested above, would be a very easy-to-solve but helpful solution.

markbosshard avatar Jul 27 '21 11:07 markbosshard

Ran into this issue today. Would be great to expose --no-check-certificate somehow.

seanrjohnson avatar Mar 16 '23 15:03 seanrjohnson

Still running into this error. Work around is to run echo "check_certificate = off" >> ~/.wgetrc see https://superuser.com/a/1045163

Joshua-rose avatar May 05 '23 21:05 Joshua-rose

This is still an issue. For users, not an expert in Linux, VSCode makes it very easy to launch from WSL by just typing "code ."

Except for many corporate users it just doesn't work and you receive a message that states:

To connect to update.code.visualstudio.com insecurely, use --no-check-certificate

and it also states:

Please install missing certificates.
Debian/Ubuntu:  sudo apt-get install ca-certificates

Except there doesn't seem to be a good way to use the first option and the second option does not resolve the issue. Not only does the command which should make VSCode easy to use from WSL not working, it is daunting you with solutions that either cannot be used or do not work. I think this is a horrible experience, especially for a newcomer.

I would recommend at least finding a way for VSCode to detect the issue and show better options to the users. Possibly what @Joshua-rose recommended, which does work:

echo "check_certificate = off" >> ~/.wgetrc

tolgabalci avatar Jan 10 '24 14:01 tolgabalci

Still running into this error. Work around is to run echo "check_certificate = off" >> ~/.wgetrc see https://superuser.com/a/1045163

It completely solves my problem in a beautiful manner. Thanks.

SangTruongTan avatar Jun 13 '24 01:06 SangTruongTan