Deprecate custom certificate configuration
I clicked on a warning in VS Code, what should I do?
The warning was shown to you because you use one or more of the following settings in the GitLab Workflow extension: gitlab.ignoreCertificateErrors
, gitlab.ca
, gitlab.cert
, gitlab.certKey
.
We are going to deprecate these settings in the future. However, you can add the custom certificate to your OS keychain and that way you can both connect to the GitLab instance from the VS Code and you can also access your GitLab instance in the browser. For more details on how to do that, please follow the official VS Code documentation.
If you want to know more about why we do that, you can read further. If you've got any feedback or comment, please leave it on this issue.
Problem to solve
The extension provides configuration options to use custom SSL certificates to communicate with the GitLab instance. To use the custom certificates, the extension uses a feature of now deprecated npm module request-promise
. This logic was original implemented in #26 (closed).
The node-fetch
module which is used as the underlying library for most GraphQL frameworks doesn't support custom certificates out of the box, and so supporting this configuration would carry non-trivial implementation of a custom https.Agent logic.
The custom certificates come in handy when users use self-signed certificate (that can't be verified by a root certification authority already configured in the OS).
graph LR
A[VS Code] -- https, custom signed cert used for SSL --> C[Self-managed GitLab instance]
Proposal
Deprecate the following options: gitlab.ignoreCertificateErrors
, gitlab.ca
, gitlab.cert
, gitlab.certKey
. And instead of custom configuration, suggest using the VS Code official recommended way to handle custom certificates.
The deprecation would fist concern only the new GrapQL implementation. Existing features will work with the custom certificate configuration till we release the next major version fo the exteions (4
).
We can create a small MR, that will recognise the deprecated configuration being present and gives the user a heads up.
VS Code official guide for custom SSL certificates
VS Code itself recommends solving the custom certificate issue by adding them as trusted certificates to the OS. It also provides CLI flags to disable SSL validation.