facebook

Copilot4Eclipse 1.0.0 – SSL Certificate Issues in Corporate Proxy

  1. Copilot4Eclipse – GitHub Copilot on Eclipse
  2.  > 
  3. General Discussion
Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • #699817 Reply

    acamara
    Participant

    Hello everyone,

    Great job on the launch of version 1.0.0. The issues with connecting through the corporate proxy are almost resolved.

    It seems that the system now recognizes the configured proxy and makes use of it. However, there’s an issue with proxies that replace SSL certificates with their own for network traffic content analysis.

    The error in the language server logs looks like this:

    
    [2024-01-25T07:49:55.222083100+01:00] LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot:
    {"jsonrpc":"2.0","method":"LogMessage","params":{"level":3,"message":"[ERROR] [ghostText] [2024-01-25T06:49:55.220Z] Error on ghost text request: (FetchError) unable to get local issuer certificate","metadataStr":"[ERROR] [ghostText] [2024-01-25T06:49:55.220Z]","extra":["Error on ghost text request: (FetchError) unable to get local issuer certificate"]}}
    

    It appears that the “unable to get local issuer certificate” error is thrown by the Node process in Eclipse.

    For now, to solve this, at least on Windows, I’ve added this environment variable for Node:

    
    setx NODE_EXTRA_CA_CERTS d:\mydir\corporate-certs.crt
    

    The corporate-certs.crt file is a concatenation of the different certificates needed. To do this, create a new .pem or .crt file and add the content of each of the CA certificates. You should do this in the same order that you want them to be read. Make sure each certificate begins with —–BEGIN CERTIFICATE—– and ends with —–END CERTIFICATE—–. For example:

    
    -----BEGIN CERTIFICATE-----
    MIIIEjCCBfqgAwIBAgIQbyVX/muJ77VXyVtaDJjOMzANBgkqhkiG9w0BAQsFADBv
    MQswCQYDVQ...etcetc
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    MIIIEjCCBfqgAwIBAgIQbyVX/muJ77VXyVtaDJjOMzANBgkqhkiG9w0BAQsFADBv
    MQswCQYDVQ...etcetc
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    MIIIEjCCBfqgAwIBAgIQbyVX/muJ77VXyVtaDJjOMzANBgkqhkiG9w0BAQsFADBv
    MQswCQYDVQ...etcetc
    -----END CERTIFICATE-----
    

    With this environment variable, I managed to get it working.

    edit:
    you can obtain the corporate browsing certificates by using any web browser. Simply click on the padlock icon located near the URL of the page. This will allow you to view and export the certificate chain used by that website.

    • This topic was modified 10 months, 4 weeks ago by acamara.
    #699828 Reply

    wayne
    Moderator

    Very helpful feedback.
    We will include this info in the new docs that are being drafted now.
    Regards,
    Wayne

    #700313 Reply

    idle-engineering
    Participant

    I have tried this approach and was able to successfully get completions working behind the company’s proxy…

    …for a few days. Now completions no longer work behind the proxy. However I cannot properly debug the issue as there is nothing clearly visible in the logs.

    LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot:
    {“jsonrpc”:”2.0″,”id”:”17″,”result”:{“status”:”OK”,”user”:<blabla>}}
    — seems to be able to communicate

    however completions fail with no explaination:
    [2024-03-20T15:44:32.171184100+01:00] LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot:
    {“jsonrpc”:”2.0″,”method”:”statusNotification”,”params”:{“status”:”InProgress”,”message”:””}}
    [2024-03-20T15:44:32.171184100+01:00] LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot:
    {“jsonrpc”:”2.0″,”method”:”LogMessage”,”params”:{“level”:1,”message”:”[INFO] [default] [2024-03-20T14:44:32.170Z] [fetchCompletions] engine https://copilot-proxy.githubusercontent.com/v1/engines/copilot-codex&#8221;,”metadataStr”:”[INFO] [default] [2024-03-20T14:44:32.170Z]”,”extra”:[“[fetchCompletions] engine https://copilot-proxy.githubusercontent.com/v1/engines/copilot-codex”%5D}}
    [2024-03-20T15:44:32.289230600+01:00] LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot:
    {“jsonrpc”:”2.0″,”method”:”LogMessage”,”params”:{“level”:1,”message”:”[INFO] [default] [2024-03-20T14:44:32.288Z] request.response: [https://copilot-proxy.githubusercontent.com/v1/engines/copilot-codex/completions] took 118 ms”,”metadataStr”:”[INFO] [default] [2024-03-20T14:44:32.288Z]”,”extra”:[“request.response: [https://copilot-proxy.githubusercontent.com/v1/engines/copilot-codex/completions] took 118 ms”]}}
    [2024-03-20T15:44:32.290223300+01:00] LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot:
    {“jsonrpc”:”2.0″,”method”:”statusNotification”,”params”:{“status”:”Warning”,”message”:””}}
    [2024-03-20T15:44:32.291222800+01:00] LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot:
    {“jsonrpc”:”2.0″,”id”:”111″,”result”:{“completions”:[],”cancellationReason”:”OtherFailure”}}
    [2024-03-20T15:44:33.757321+01:00] LSP4E_TO_LANGUAGE_SERVER com.genuitec.copilot4eclipse.copilot:

    — so not really informative.

    Any thoughts would be highly appreciated

    #700327 Reply

    ros2jsguy
    Participant

    @idle-engineering
    Thx for sharing the details. As you have indicated the log info is lacking details for why completion data is empty.

    A few questions:
    1) Does this experience with empty completion data persist a 100% for over 24 hours?

    2) Have you restarted your machine and the problem still exists?

    3) What OS or OSes are you using?
    3a) Does this problem exist across multiple instances of Eclipse/Copilot4Eclipse – may not be applicable question?

    4) Have you signed out and back in from Copilot4Eclipse and also directly sign out/in from your GitHub account?

    5) Would you be interested in trying a very recent developer build of Copilot4Eclipse ver 1.2? The next version includes upgraded api. If yes contact me at info@genuitec.com and reference this thread and me (Wayne).

    Wayne
    Copilot4Eclipse Dev Team

    #700330 Reply

    fidley
    Participant

    what about using in eclipse.ini following lines after -vmargs?

    -Djavax.net.ssl.trustStore=NONE
    -Djavax.net.ssl.trustStoreType=Windows-ROOT

    For me this helps with certificates on Marketplace for example. It’s reading the certificates from Windows.

    #700331 Reply

    wayne
    Moderator

    @fidley, the copilot api runs as a separate nodejs process that handles secure communications with github copilot services. An issue is nodejs is kind of funky in it’s visibility to system managed root certificates. Copilot4Eclipse uses the node modules win-ca, mac-ca and linux-ca for accessing system root certs for our nodejs process on the respective os platform. In most cases this is adequate. We are definitely open to expanding this support to address as many issues as practical.

    Wayne

    #700332 Reply

    fidley
    Participant

    Thanks for clarification

    #701046 Reply

    ClaRenGon
    Participant

    @wayne, since the update to Copilot 1.2.0 i get often the error message with “Timeout” and the automatic completion is not working anymore. I’m sitting behind a company proxy which makes everything a bit tricky.

    In the Logs i’ve seen following error message:

    !ENTRY com.genuitec.copilot4eclipse 4 0 2024-05-27 10:56:31.458
    !MESSAGE Cannot invoke "com.genuitec.copilot4eclipse.lsp.messages.CheckStatusResult.isSignedIn()" because "<parameter1>" is null
    !STACK 0
    java.lang.NullPointerException: Cannot invoke "com.genuitec.copilot4eclipse.lsp.messages.CheckStatusResult.isSignedIn()" because "<parameter1>" is null
    	at com.genuitec.copilot4eclipse.Copilot4Eclipse.notifyStatusChange(Unknown Source)
    	at com.genuitec.copilot4eclipse.Copilot4Eclipse.lambda$0(Unknown Source)
    	at com.genuitec.copilot4eclipse.Copilot4Eclipse$1.run(Unknown Source)
    	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
    
    !ENTRY com.genuitec.copilot4eclipse 4 0 2024-05-27 10:56:32.284
    !MESSAGE Timeout while checking Copilot status

    Any help on this would be appreciated.

    • This reply was modified 6 months, 3 weeks ago by ClaRenGon.
    #701061 Reply

    wayne
    Moderator

    Hi,
    The stacktrace indicates that our client api’s connection to GitHub Copilot services is timeout as the Copilot service is not responding in a timely manner or not responding at all.

    Can you describe a typical scenario or for when Copilot4Eclipse is not functioning correctly?
    1. When you start up Eclipse are code suggestions being generated or Chat features are responsive?
    1a. If yes, how long before Copilot4Eclipse goes into an error state?
    2. Does Status Dialog have any useful error messages, e.g., select the Copilot4Eclipse menu > Status to open the dialog.
    3. When Copilot4Eclipse is not functioning correctly does restarting Eclipse restore Copilot4Eclipse to a functional state?

    Wayne
    Copilot4Eclipse Team

    #701120 Reply

    davidmichaelkarr
    Participant

    I also am seeing very similar symptoms. I just installed the 0527 version, and it goes into the Error state just as quickly as it always has. When I restart Eclipse, it’s in the Ready state only briefly. I can probably get a few responses out of it before it fails. The status dialog doesn’t tell me anything more than the error log does, it just says “Timeout while checking Copilot status”.

    #701132 Reply

    wayne
    Moderator

    @davidmichaelkarr

    > The status dialog doesn’t tell me anything more than the error log does, it just says “Timeout while checking Copilot status”.

    We are working on an improvement for this situation. Hopefully as soon as early next week. I’ll post an update as soon as we have this update available.

    Wayne
    Copilot4Eclipse Team

Viewing 11 posts - 1 through 11 (of 11 total)
Reply To: Copilot4Eclipse 1.0.0 – SSL Certificate Issues in Corporate Proxy

You must be logged in to post in the forum log in