cursor icon indicating copy to clipboard operation
cursor copied to clipboard
verified publisher icon getcursor

Cloudflare warp: ConnectError: [internal] unable to get local issuer certificate

Open giancarlosisasi opened this issue 1 year ago • 2 comments

Description

We use cloudflare warp and we are getting the following error:

unable to get local issuer certificate

image

After contacting our internal security team, they said that its because cursor is not using the keychain of the System with the cert of Cloudflare CA which I have installed in my system (here is an example how its configured in npm).

Maybe, like npm, there is an option in cursor to configure manually the EXTRA_CA_CERTS where I can put the path to the cloudflare warp ca certificate file?

Extra:

Even when I disable the http2 option

image

It works partially (and super slow) but still the error is shown some timees image

Operating system

System: OS: macOS 12.5.1 CPU: (8) arm64 Apple M1 Memory: 121.53 MB / 16.00 GB Shell: 5.8.1 - /bin/zsh Binaries: Node: 20.13.1 - ~/.nvm/versions/node/v20.13.1/bin/node npm: 10.5.2 - ~/.nvm/versions/node/v20.13.1/bin/npm pnpm: 9.4.0 - ~/.nvm/versions/node/v20.13.1/bin/pnpm Browsers: Brave Browser: 127.1.68.134 Chrome: 129.0.6668.60 Safari: 15.6.1

giancarlosisasi avatar Sep 26 '24 22:09 giancarlosisasi

In my case, with http2 enabled, Cursor's IA driven completions just stopped working if warp was connected. After disconnecting warp it and retrying the prompts, it would work. Disabling WARP each time was cumbersome and would incur in a security risk, thus i deactivated http2 and Cursor started working even with WARP connected, but with much higher latency and outputs like the following.

Here is after using CMD+K to chat with a file: Screenshot 2024-09-27 at 9 25 02 AM

I have the exact same setup than @GiancarlosIO, with Cloudflare Zero Trust WARP enabled, http2 disabled and minor differences in my system specs.

Operating system

System: OS: macOS 14.6.1 CPU: (8) arm64 Apple M2 Memory: 2273MB / 24.00 GB Shell: 5.9 - /bin/zsh Binaries: Node: v20.14.0 - /.nvm/versions/node/v20.14.0/bin/node npm: 10.7.0 - /.nvm/versions/node/v20.14.0/bin/npm pnpm: 9.5.0 - /.nvm/versions/node/v20.14.0/bin/pnpm Browsers: Chrome: 129.0.6668.60 Safari: 17.6 Arc: 1.61.0

Pra3t0r5 avatar Sep 27 '24 12:09 Pra3t0r5

Due to the nature of how the AI is streamed, and the unique certificate setup the WARP requires, I'm not suprised you are facing issues.

Unfortunately, it's hard to support every possible use can and deployment for Cursor. Check your Cursor settings regarding streaming the AI output, as you may get better luck by turning off streaming, and instead getting the whole response back once it's complete from the server. While less visually appealing, this may be the best bet you have for this use case.

danperks avatar Oct 02 '24 19:10 danperks

Cursor pro user here. Seems like the HTTP2 "disabling" was a nice workaround, but since a recent update with Cursor, now it's impossible to use composer or any AI feature with Cloudflare Warp (Zero Trust).

tristanbes avatar Dec 22 '24 22:12 tristanbes