VSCode & ObjectScript extension: Trusting self-signed certificates

Question

Question

Kari Vatjus-Anttila · Apr 6, 2022

Hello,

Recently I have been tinkering with VSCode and ObjectScript extension to connect to my dockerized IRIS instance. I have configured the instance to use Apache as a Web Gateway as per instructions and it has been working well. Currently I'm using a self-signed certificate for the SSL part of the connection. The browser nags about insecure certs when connecting to Management Portal but that's expected.

However when I try to connect to the instance with VSCode it simply fails with the following error message

Invoking the Atelier API with a REST Client (Insecure = true) the API responds 200 OK with a bunch of JSON about the instance.

I tried to look through the extension settings but can't find any setting that could declare a specific connection insecure. Is there a possibility to tell the extension to not verify SSL certs for a given server connection? Surely others have encountered this error before and there is a trivial solution for this but I can't seem to find it.

Any ideas how to solve this?

Thanks,
Kari

Discussion (8)2

Log in or sign up to continue

John Murray · Apr 6, 2022

Hmm, looks like the code gets that setting from the "objectscript" settings object. So please try this in your JSON:

"objectscript.http.proxyStrictSSL": false

Ignore the hover about it being an unknown setting.

0 0

Brett Saviano · Apr 6, 2022

@Kari Vatjus-Anttila
Can you please download and install the version of the extension found here and check if that fixes the issue? To install it you can drag it from your downloads folder into the extensions view in your VS Code window.

0 0

score 0 · Answer 1 · 2022-04-06T06:00:10-04:00

John Murray · Apr 6, 2022

Does it make a difference if you add this setting?

"http.proxyStrictSSL": false

0 0

score 0 · Answer 2 · 2022-04-06T07:58:42-04:00

Nope, does not make any difference. I checked out the extensions code and I suspect (I might be wrong) that the issue is here:

https://github.com/intersystems-community/vscode-objectscript/blob/maste... Line 289

    const agent = new http.Agent({
      keepAlive: true,
      maxSockets: 10,
      rejectUnauthorized: https && config("http.proxyStrictSSL"),
    });

rejectUnauthorized is going to be true if the scheme is using HTTPS (which I am). If that is the issue, it would be great if this parameter could be overwritten with some general setting provided by the extension for example "Allow Insecure connections".

score 0 · Answer 3 · 2022-04-06T08:15:05-04:00

We should re-write that line to use the regular http.proxyStrictSSL setting. The Language Server uses that setting in 2.0.1

EDIT: I opened PR #919 for this issue

score 0 · Answer 4 · 2022-04-06T08:18:57-04:00

That works! I must admit, I was a bit perplexed that why setting "http.proxyStrictSSL" to true didn't have any effect but the property you suggested made the difference.

Like Brett said, maybe somebody should re-write the line so it doesn't cause any further confusion among users :)

Cheers and thanks for the quick help yet again!

score 0 · Answer 5 · 2022-04-06T08:29:28-04:00

That was fast!

I downloaded the extension and tested it. It works.

I removed the objectscript.http.proxyStrictSSLproperty and set proxyStrictSSL to true -> connection failed as expected: VSCode notified that the server is using a self-signed cert. Next, I set proxyStrictSSLto false and tried to reconnect -> connection ok and VSCode prompted me to choose the namespace I want.

Thank you for your effort, it seems like your change works as expected.

//Kari

score 0 · Answer 6 · 2022-04-06T08:46:41-04:00

Brett Saviano · Apr 6, 2022

That's great! Happy to help

0 0