screenpipe icon indicating copy to clipboard operation
screenpipe copied to clipboard

Published 20 hours ago verified publisher icon mediar-ai

[bug] screenpipe self signed certs issue - tls connection init failed

Open zy31415 opened this issue 1 year ago • 4 comments

describe the bug brief description of the bug.

to reproduce

  1. Install screenpipe via homebrew
  2. Start screenpipe via command line

expected behavior Seeing the following error:

2024-11-21T19:08:28.461123Z ERROR screenpipe: continuous recording error: request error: https://huggingface.co/openai/whisper-large-v3-turbo/resolve/main/config.json: Connection Failed: tls connection init failed: invalid peer certificate: UnknownIssuer

system info

  • os: 15.1 (24B83)
  • screenpipe version: 0.1.98

additional context It's related to a self signed certificate. The certificate is trusted in the MacOs KeyChain. However, it is not recognized by screenpipe. Is there a way to let screenpipe trust this self signed cert?

zy31415 avatar Nov 21 '24 19:11 zy31415

MED-311 [bug] screenpipe self signed certs issue - tls connection init failed

linear[bot] avatar Nov 21 '24 19:11 linear[bot]

are you in china or behind firewall?

louis030195 avatar Nov 21 '24 19:11 louis030195

Located in North Americas. I am on a corporate laptop so behind VPN/firewall stuff.

zy31415 avatar Nov 21 '24 19:11 zy31415

Update: If I stop the corporate VPN (GlobalProtect), the problem is gone.

zy31415 avatar Nov 21 '24 19:11 zy31415

@louis030195 Any updates on this, it would be great if we had system keychain/certificates imported by default. I believe currently I'm seeing this same issue due to ZScaler on our corporate machines.

joshuaauger avatar Dec 13 '24 16:12 joshuaauger

some ideas from AI:

use reqwest::Client;
use std::time::Duration;

pub fn create_client() -> Result<Client> {
    let client = Client::builder()
        .timeout(Duration::from_secs(30))
        .use_system_proxy() // Use system proxy settings
        .tls_built_in_root_certs(true) // Use system root certificates
        .build()
        .context("failed to create http client")?;

    Ok(client)
}

@joshuaauger

i'm not sure where is the problem, should i send a PR to huggingface or is it something in our CLI code?

not familiar at all with this

https://github.com/huggingface/candle/issues/2668

trying to figure out

louis030195 avatar Dec 13 '24 17:12 louis030195

@louis030195

I'm no rust developer, but I think rustls doesn't use the system certificates but native-tls does.

something similar to this: #38

joshuaauger avatar Dec 13 '24 18:12 joshuaauger

https://github.com/huggingface/hf-hub/blob/ac22200ea0b5af4d8c362f699be0340647b19060/Cargo.toml#L44

louis030195 avatar Dec 13 '24 18:12 louis030195

https://github.com/huggingface/hf-hub/issues/56

louis030195 avatar Dec 13 '24 18:12 louis030195

/bounty 150

louis030195 avatar Dec 13 '24 18:12 louis030195

💎 $150 bounty • Screenpi.pe

Steps to solve:

  1. Start working: Comment /attempt #730 with your implementation plan
  2. Submit work: Create a pull request including /claim #730 in the PR body to claim the bounty
  3. Receive payment: 100% of the bounty is received 2-5 days post-reward. Make sure you are eligible for payouts

Thank you for contributing to mediar-ai/screenpipe!

Add a bountyShare on socials

Attempt Started (GMT+0) Solution
🟢 @neo773 #982

algora-pbc[bot] avatar Dec 13 '24 18:12 algora-pbc[bot]

💡 @neo773 submitted a pull request that claims the bounty. You can visit your bounty board to reward.

algora-pbc[bot] avatar Dec 15 '24 21:12 algora-pbc[bot]

@neo773 I'm on MacOS, trying to follow the build guide but I don't see any changes in behaviour. What do I need to do to build with your changes?

joshuaauger avatar Dec 16 '24 01:12 joshuaauger

I see this message from screenpipe-audio, maybe I'm not building correctly:

[2024-12-16T01:53:04Z DEBUG rustls::client::hs] ALPN protocol is None
Error: request error: https://huggingface.co/distil-whisper/distil-large-v3/resolve/main/model.safetensors: Connection Failed: tls connection init failed: invalid peer certificate: UnknownIssuer

Caused by:
    0: https://huggingface.co/distil-whisper/distil-large-v3/resolve/main/model.safetensors: Connection Failed: tls connection init failed: invalid peer certificate: UnknownIssuer
    1: invalid peer certificate: UnknownIssuer

joshuaauger avatar Dec 16 '24 01:12 joshuaauger

🎉🎈 @neo773 has been awarded $150! 🎈🎊

algora-pbc[bot] avatar Dec 16 '24 16:12 algora-pbc[bot]

https://github.com/mediar-ai/screenpipe/pull/986

Added a PR, this was required for me to get past the certificate issue, not sure why the patch alone wasn't working, but I needed the features in the workspace dependencies, added the workspace = true to server, and added the feature to core, didn't work without all of the changes

Not sure if anything else broke, need someone to verify PR and do a full test.

joshuaauger avatar Dec 16 '24 18:12 joshuaauger

@louis030195 let me know if we can run a test build with the changes!

Thanks!

joshuaauger avatar Dec 16 '24 18:12 joshuaauger

Yes, the issue was other workspace packages had conflicts with feature flags.

I couldn't really test it within screenpipe as I did not have the same setup as you so I tested the changes within my fork of hf-hub and it worked fine .

Seems to be working now.

neo773 avatar Dec 16 '24 18:12 neo773

Awesome! Thanks for confirming @neo773.

joshuaauger avatar Dec 16 '24 18:12 joshuaauger

@joshuaauger @zy31415 is it working now?

louis030195 avatar Dec 19 '24 12:12 louis030195

It should be once the new build has these. My test build had some other issue unrelated but the certificate warnings were gone. Sent from my iPhoneOn Dec 19, 2024, at 7:33 AM, Louis Beaumont @.***> wrote: @joshuaauger @zy31415 is it working now?

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.***>

joshuaauger avatar Dec 19 '24 18:12 joshuaauger