zed
zed copied to clipboard
zed-industries
UnknownIssuer error when connecting to https://collab.zed.dev/rpc
Check for existing issues
- [X] Completed
Describe the bug / provide steps to reproduce it
I'm attempting to use Zed for work on a laptop provided by my employer. All traffic from the laptop is routed through a Secure Web Gateway for auditing. The gateway uses its own self-signed certificates to intercept SSL.
Zed doesn't seem to recognize these certificates when I attempt to Sign In. I also see a struck-out cloud next to the Sign In button (which might just mean I'm logged out).
I am able to download updates to the editor, which makes me think some parts of Zed respect the certificates.
I am currently able to disable the gateway while the company is onboarding the product, and disabling it allows me to sign in without issue. At some point the gateway will become required, so this is only a short term solution.
Environment
Zed: v0.84.4 (stable) OS: macOS 13.3.1 Memory: 32 GiB Architecture: x86_64
If applicable, add mockups / screenshots to help explain present your vision of the feature
No response
If applicable, attach your ~/Library/Logs/Zed/Zed.log file to this issue.
If you only need the most recent lines, you can run the zed: open log command palette action to see the last 1000.
2023-05-05T20:38:48 [INFO] set status on client 0: Reauthenticating
2023-05-05T20:38:48 [INFO] set status on client 0: Reconnecting
2023-05-05T20:38:48 [INFO] connected to rpc endpoint https://collab.zed.dev/rpc
2023-05-05T20:38:48 [WARN] Sending fatal alert BadCertificate
2023-05-05T20:38:48 [INFO] set status on client 0: ConnectionError
2023-05-05T20:38:48 [ERROR] IO error: invalid certificate: UnknownIssuer
Caused by:
0: IO error: invalid certificate: UnknownIssuer
1: invalid certificate: UnknownIssuer
@aranw Now that Zed is open-source (yay!), I'm trying to fix this issue. I created https://github.com/zed-industries/zed/discussions/6710 as a first step. Sharing in case you'd like to follow along or join in the work.
Obligatory "me too" but I am also getting this error when trying to sign in with my github account. Copilot will not connect.
Hi @LaustinSpayce . I hadn't tried Copilot yet and it's failing to connect for me also. I think this is a different part of the system though, and sadly my work in #7254 doesn't fix this Copilot issue. If I open the language server logs via the command palette, I see the following:
stderr: ApplicationInsights:CorrelationIdManager [
stderr: Error: self-signed certificate in certificate chain
stderr: at TLSSocket.onConnectSecure (node:_tls_wrap:1540:34)
stderr: at TLSSocket.emit (node:events:513:28)
stderr: at TLSSocket._finishInit (node:_tls_wrap:959:8)
stderr: at ssl.onhandshakedone (node:_tls_wrap:743:12) {
stderr: code: 'SELF_SIGNED_CERT_IN_CHAIN'
stderr: }
stderr: ]
stderr: ApplicationInsights:CorrelationIdManager [
stderr: Error: self-signed certificate in certificate chain
stderr: at TLSSocket.onConnectSecure (node:_tls_wrap:1540:34)
stderr: at TLSSocket.emit (node:events:513:28)
stderr: at TLSSocket._finishInit (node:_tls_wrap:959:8)
stderr: at ssl.onhandshakedone (node:_tls_wrap:743:12) {
stderr: code: 'SELF_SIGNED_CERT_IN_CHAIN'
stderr: }
stderr: ]
which looks to me like the error occurs in Node (or npm?) code. Can you open a new issue for Copilot connections? I might continue to investigate that casually in my spare time, because I'd like to use Copilot too, but I think collaboration and Copilot support can be split apart as work items.
I don't think the fix works for me, though I'm not 100% that this is the correct root cause.
The logs are below. The sign in error and npm error are different, but I suspect it's the same certificate issue.
2024-06-25T13:11:56-04:00 [ERROR] TODO TLS error: native-tls error: connection closed via error
Caused by:
0: TLS error: native-tls error: connection closed via error
1: native-tls error: connection closed via error
2: connection closed via error
2024-06-25T13:11:58-04:00 [ERROR] Failed to install default prettier: prettier & plugins install: fetching latest npm versions: fetching latest npm version for package prettier: failed to execute npm info subcommand:
stdout: "{\n \"error\": {\n \"code\": \"UNABLE_TO_GET_ISSUER_CERT_LOCALLY\",\n \"summary\": \"request to https://registry.npmjs.org/prettier failed, reason: unable to get local issuer certificate\",\n \"detail\": \"\"\n }\n}\n"
stderr: "npm ERR! code UNABLE_TO_GET_ISSUER_CERT_LOCALLY\nnpm ERR! errno UNABLE_TO_GET_ISSUER_CERT_LOCALLY\nnpm ERR! request to https://registry.npmjs.org/prettier failed, reason: unable to get local issuer certificate\n\nnpm ERR! A complete log of this run can be found in:\nnpm ERR! /Users/viu984/Library/Application Support/Zed/node/node-v18.15.0-darwin-arm64/cache/_logs/2024-06-25T17_11_50_626Z-debug-0.log\n"
@sa1 I can't tell what's going wrong from the screenshot, but the log snippet you provided looks like https://github.com/zed-industries/zed/issues/4350 . If https://github.com/zed-industries/zed/issues/4350 is different from the behavior you're seeing, I recommend opening a new issue so that it can be triaged by the maintainers. I don't think they'll see this comment, since this issue is closed.
Yeah, I guess I will create a a new issue. The second part of the logs is definitely similar to #4350 but the first part
Caused by:
0: TLS error: native-tls error: connection closed via error
1: native-tls error: connection closed via error
2: connection closed via error
happens when signing into github, similar to this issue.