Skip to content

Certificate error when using HTTPS proxy with self-signed certificate

TL;DR The extension doesn't support HTTPS proxy with a self-signed certificate. It supports self-signed certificates without proxy or proxy with normal CA certificates, but not the combination of proxy + self-signed.


In settings.json, I have

    "gitlab.instanceUrl": "https://XXX.com/",
    "gitlab.ignoreCertificateErrors": true,

Even so, on Gitlab: Refresh Sidebar, I see

API request failed when trying to get current project because: request to https://XXX.com/api/graphql failed, reason: unable to verify the first certificate

The logs show

request to https://XXX.com/api/graphql failed, reason: unable to verify the first certificate
FetchError: request to https://XXX.com/api/graphql failed, reason: unable to verify the first certificate
	at ClientRequest.<anonymous> (/root/.vscode-server/extensions/gitlab.gitlab-workflow-3.11.2/node_modules/node-fetch/lib/index.js:1461:11)
	at ClientRequest.emit (events.js:315:20)
	at TLSSocket.socketErrorListener (_http_client.js:426:9)
	at TLSSocket.emit (events.js:315:20)
	at emitErrorNT (internal/streams/destroy.js:92:8)
	at emitErrorAndCloseNT (internal/streams/destroy.js:60:3)
	at processTicksAndRejections (internal/process/task_queues.js:84:21)
{
  "message": "API request failed when trying to get current project because: request to https://XXX.com/api/graphql failed, reason: unable to verify the first certificate",
  "stack": [
    "Error: API request failed when trying to get current project because: request to https://XXX.com/api/graphql failed, reason: unable to verify the first certificate",
    "\tat Object.<anonymous> (/root/.vscode-server/extensions/gitlab.gitlab-workflow-3.11.2/out/src/gitlab_service.js:91:19)",
    "\tat Generator.throw (<anonymous>)",
    "\tat rejected (/root/.vscode-server/extensions/gitlab.gitlab-workflow-3.11.2/out/src/gitlab_service.js:6:65)",
    "\tat processTicksAndRejections (internal/process/task_queues.js:97:5)"
  ]
}

This is on a remote machine connected using Remote-SSH.

Edited by Tomas Vik