From 6e6dffa282a99186aa169c045be3cc249ecc0830 Mon Sep 17 00:00:00 2001
From: Asher
Date: Thu, 9 May 2024 14:50:30 -0800
Subject: [PATCH 1/5] Do not recommend local partial chain fix
---
 src/error.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/error.ts b/src/error.ts
index 31723fd3..daa85d8c 100644
--- a/src/error.ts
+++ b/src/error.ts
@@ -13,7 +13,7 @@ export enum X509_ERR_CODE {
 // X509_ERR contains human-friendly versions of TLS errors.
 export enum X509_ERR {
- PARTIAL_CHAIN = "Your Coder deployment's certificate cannot be verified because a certificate is missing from its chain. To fix this your deployment's administrator should bundle the missing certificates or you can add the missing certificates directly to this system's trust store.",
+ PARTIAL_CHAIN = "Your Coder deployment's certificate cannot be verified because a certificate is missing from its chain. To fix this your deployment's administrator should bundle the missing certificates.",
 // NON_SIGNING can be removed if BoringSSL is patched and the patch makes it
 // into the version of Electron used by VS Code.
 NON_SIGNING = "Your Coder deployment's certificate is not marked as being capable of signing. VS Code uses a version of Electron that does not support certificates like this even if they are self-issued. The certificate should be regenerated with the certificate signing capability.",
From e83bcd68afe1223d050614f975314eb48a75f9a9 Mon Sep 17 00:00:00 2001
From: Asher
Date: Thu, 9 May 2024 14:50:39 -0800
Subject: [PATCH 2/5] Replace "should" with "must"
---
 src/error.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/error.ts b/src/error.ts
index daa85d8c..9ac5d5a5 100644
--- a/src/error.ts
+++ b/src/error.ts
@@ -13,12 +13,12 @@ export enum X509_ERR_CODE {
 // X509_ERR contains human-friendly versions of TLS errors.
 export enum X509_ERR {
- PARTIAL_CHAIN = "Your Coder deployment's certificate cannot be verified because a certificate is missing from its chain. To fix this your deployment's administrator should bundle the missing certificates.",
+ PARTIAL_CHAIN = "Your Coder deployment's certificate cannot be verified because a certificate is missing from its chain. To fix this your deployment's administrator must bundle the missing certificates.",
 // NON_SIGNING can be removed if BoringSSL is patched and the patch makes it
 // into the version of Electron used by VS Code.
- NON_SIGNING = "Your Coder deployment's certificate is not marked as being capable of signing. VS Code uses a version of Electron that does not support certificates like this even if they are self-issued. The certificate should be regenerated with the certificate signing capability.",
- UNTRUSTED_LEAF = "Your Coder deployment's certificate does not appear to be trusted by this system. The certificate should be added to this system's trust store.",
- UNTRUSTED_CHAIN = "Your Coder deployment's certificate chain does not appear to be trusted by this system. The root of the certificate chain should be added to this system's trust store. ",
+ NON_SIGNING = "Your Coder deployment's certificate is not marked as being capable of signing. VS Code uses a version of Electron that does not support certificates like this even if they are self-issued. The certificate must be regenerated with the certificate signing capability.",
+ UNTRUSTED_LEAF = "Your Coder deployment's certificate does not appear to be trusted by this system. The certificate must be added to this system's trust store.",
+ UNTRUSTED_CHAIN = "Your Coder deployment's certificate chain does not appear to be trusted by this system. The root of the certificate chain must be added to this system's trust store. ",
 }
 export interface Logger {
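Review bot: The new `UNTRUSTED_LEAF` and `UNTRUSTED_CHAIN` strings tell the user the certificate "must be added to this system's trust store" without saying it should first be confirmed as genuine. An untrusted-certificate error is also what an intercepted connection produces, so an unconditional "must" can steer users into trusting a certificate nobody has verified. Consider a qualifier such as `UNTRUSTED_LEAF = "Your Coder deployment's certificate does not appear to be trusted by this system. After confirming the certificate with your deployment's administrator, it must be added to this system's trust store.",` and the same for `UNTRUSTED_CHAIN`. The rewritten `UNTRUSTED_CHAIN` literal also still ends in a stray space before the closing quote (`trust store. "`), which this edit could drop.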
From 2d3aacdce4cf6b8768ba3c8ac3d7cb48405a7b12 Mon Sep 17 00:00:00 2001
From: Asher
Date: Thu, 9 May 2024 14:54:52 -0800
Subject: [PATCH 3/5] Show detailed x509 err beneath input
---
 src/commands.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/commands.ts b/src/commands.ts
index 20d2a5e6..b51d9719 100644
--- a/src/commands.ts
+++ b/src/commands.ts
@@ -113,7 +113,7 @@ export class Commands {
 err.showNotification()
 return {
- message: err.message,
+ message: err.x509Err || err.message,
 severity: vscode.InputBoxValidationSeverity.Error,
 }
 }
From 8c8e2d64b9ec8218097b5b5b5950c7d1d67f6aae Mon Sep 17 00:00:00 2001
From: Asher
Date: Thu, 9 May 2024 14:59:39 -0800
Subject: [PATCH 4/5] Update changelog
---
 CHANGELOG.md | 6 ++++++
 package.json | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6f3c8b68..c18a5f86 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Change Log
+## Unreleased
+
+### Changes
+
+- Show certificate errors under the token input.
+
 ## [v0.1.36](https://github.com/coder/vscode-coder/releases/tag/v0.1.36) (2024-04-09)
 ### Changes
diff --git a/package.json b/package.json
index 4438aa8c..753e6a2f 100644
--- a/package.json
+++ b/package.json
@@ -4,7 +4,7 @@
 "displayName": "Coder",
 "description": "Open any workspace with a single click.",
 "repository": "https://github.com/coder/vscode-coder",
- "version": "0.1.36",
+ "version": "0.1.37",
 "engines": {
 "vscode": "^1.73.0"
 },
From 895c77a4221536481b66bcf985109361646df0e2 Mon Sep 17 00:00:00 2001
From: Asher
Date: Thu, 9 May 2024 15:26:23 -0800
Subject: [PATCH 5/5] Remove view more details from certificate error
1. That GitHub issue only has details for non-signing errors, which so far have not actually happened in the wild.
2. The information in the GitHub issue is not very straightforward. If we do end up needing to document non-signing errors, we should clean it up and put it in the docs.
---
 src/error.ts | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/src/error.ts b/src/error.ts
index 9ac5d5a5..85ce7ae4 100644
--- a/src/error.ts
+++ b/src/error.ts
@@ -31,7 +31,7 @@ interface KeyUsage {
 export class CertificateError extends Error {
 public static ActionAllowInsecure = "Allow Insecure"
- public static ActionViewMoreDetails = "View More Details"
+ public static ActionOK = "OK"
 public static InsecureMessage = 'The Coder extension will no longer verify TLS on HTTPS requests. You can change this at any time with the "coder.insecure" property in your VS Code settings.'
@@ -116,12 +116,6 @@ export class CertificateError extends Error {
 })
 }
- viewMoreDetails(): Thenable {
- return vscode.env.openExternal(
- vscode.Uri.parse("https://github.com/coder/vscode-coder/issues/115#issuecomment-1631512493"),
- )
- }
-
 // allowInsecure updates the value of the "coder.insecure" property.
 async allowInsecure(): Promise {
 vscode.workspace.getConfiguration().update("coder.insecure", true, vscode.ConfigurationTarget.Global)
@@ -146,11 +140,10 @@ export class CertificateError extends Error {
 // inside VS Code. Disabling the "Strict SSL" setting does not help
 // either. For now avoid showing the button until this is sorted.
 // CertificateError.ActionAllowInsecure,
- CertificateError.ActionViewMoreDetails,
+ CertificateError.ActionOK,
 )
 switch (val) {
- case CertificateError.ActionViewMoreDetails:
- await this.viewMoreDetails()
+ case CertificateError.ActionOK:
 return
 case CertificateError.ActionAllowInsecure:
 await this.allowInsecure()
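Review bot: In the last hunk the new `case CertificateError.ActionOK:` arm only returns, so it and the `ActionOK` constant added in the first hunk exist solely to label a dismiss button. If the arm stays, a short comment such as `// OK only dismisses the notification; nothing else to do.` would make that intent explicit. The `case CertificateError.ActionAllowInsecure:` arm below it also remains while its button is still commented out in the call above, so it appears unreachable from this dialog. Because that arm turns off TLS verification through the global `coder.insecure` setting, a one-line comment saying it is intentionally dormant would help whoever re-enables the button. The switch and its enclosing method start and end outside the hunk.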