Why is NODE_TLS_REJECT_UNAUTHORIZED set to 0? #776
Comments
|
This is done , several users reported earlier that they are facing problems in certificates while connecting to github. Is there any problem you are facing with this configuration ? |
|
Yes, this is highly insecure. You are disabling TLS validation for any process running within VS Code. Now my app does not validate SSL certificates when run with VS Code |
|
@shanalikhan I agree Just had the same issue: users complained my extension didn't validate certificates and all looked fine for me as you disabled the checks. |
I am open for PR if it solves the problem in both ways, installing CA and not using validation. |
The solution should never be a complete disable of such a low level security feature which is paramount for secure systems. Especially if it side effects into the whole process. |
Indeed. I had to uninstall the plugin for now to restore normal behaviour. |
|
Me too. |
If users report SSL trust issues, they should be sent here: https://code.visualstudio.com/docs/setup/network#_ssl-certificates Edit: Worst case, the user with the issue can turn it off in VS Code if they wish with I sent PR #779 which removes the disabling of TLS certificate validation. It would make this safe to use again. |
|
Released with v3.2.6 |
|
@MattMorgis after the 3.2.6 update I haven't been able to use this extension. Whenever I try to update/upload I get an error (Sync: Internet not connected or unable to connect to GitHub. Exception logged in Console). When I look at the console there's a couple of "unable to verify the first certificate" errors. I have tried setting my What do you think of having a setting that would set |
|
@MattMorgis How did you manage to narrow it down to this extension from this single error message? |
|
I believe I grepped my VS Code extensions folder for that environment variable key and then found the line (and therefore the extension) where it was being set.
… On Jan 9, 2020, at 4:39 PM, ggirard07 ***@***.***> wrote:
@MattMorgis How did you manage to narrow it down to this extension from this single error message?
I am currently having the same kind of issue (same error message while trying to run my app in debug), but obviously not from this extension as I don't have it...
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
|
@MattMorgis thanks, I found my culprit "Azure Repos" extension from Microsoft :/ |
|
Why ZERO? Why not FALSE/TRUE ? |
|
这是来自QQ邮箱的假期自动回复邮件。你好,我最近正在休假中,无法亲自回复你的邮件。我将在假期结束后,尽快给你回复。
|
🐛 Describe the bug
When running my app with Node.js 11 within VS Code, I get the following message when making an
httpsrequest:When I run my app with Node.js 11 without VS Code, I do not get this message.
I narrowed it down to this extension setting the variable to
0:code-settings-sync/src/environmentPath.ts
Line 84 in e80b2ce
Why is this being set and does it have to be?
🌴 Visual Studio Code Version : [
1.31.1]🌴 Code Settings Sync Version : [
3.2.5]🌴 Standard or Insiders : [
standard]🌴 Operating System : [
macOS]The text was updated successfully, but these errors were encountered: