· Apr 6, 2022

VSCode & ObjectScript extension: Trusting self-signed certificates


Recently I have been tinkering with VSCode and ObjectScript extension to connect to my dockerized IRIS instance. I have configured the instance to use Apache as a Web Gateway as per instructions and it has been working well. Currently I'm using a self-signed certificate for the SSL part of the connection. The browser nags about insecure certs when connecting to Management Portal but that's expected. 

However when I try to connect to the instance with VSCode it simply fails with the following error message

Invoking the Atelier API with a REST Client (Insecure = true) the API responds 200 OK with a bunch of JSON about the instance.

I tried to look through the extension settings but can't find any setting that could declare a specific connection insecure. Is there a possibility to tell the extension to not verify SSL certs for a given server connection? Surely others have encountered this error before and there is a trivial solution for this but I can't seem to find it.

Any ideas how to solve this?


Discussion (8)2
Log in or sign up to continue

Nope, does not make any difference. I checked out the extensions code and I suspect (I might be wrong) that the issue is here: Line 289

    const agent = new http.Agent({
      keepAlive: true,
      maxSockets: 10,
      rejectUnauthorized: https && config("http.proxyStrictSSL"),

rejectUnauthorized is going to be true if the scheme is using HTTPS (which I am). If that is the issue, it would be great if this parameter could be overwritten with some general setting provided by the extension for example "Allow Insecure connections".

That was fast!

I downloaded the extension and tested it. It works. 

I removed the objectscript.http.proxyStrictSSLproperty and set proxyStrictSSL to true -> connection failed as expected: VSCode notified that the server is using a self-signed cert. Next, I set proxyStrictSSLto false and tried to reconnect -> connection ok and VSCode prompted me to choose the namespace I want. 

Thank you for your effort, it seems like your change works as expected.