Tagged: certificates, copilot, copilot4eclipse, Node, proxy, ssl
- This topic has 10 replies, 7 voices, and was last updated 6 months, 3 weeks ago by wayne.
-
AuthorPosts
-
acamaraParticipantHello everyone,
Great job on the launch of version 1.0.0. The issues with connecting through the corporate proxy are almost resolved.
It seems that the system now recognizes the configured proxy and makes use of it. However, there’s an issue with proxies that replace SSL certificates with their own for network traffic content analysis.
The error in the language server logs looks like this:
[2024-01-25T07:49:55.222083100+01:00] LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot: {"jsonrpc":"2.0","method":"LogMessage","params":{"level":3,"message":"[ERROR] [ghostText] [2024-01-25T06:49:55.220Z] Error on ghost text request: (FetchError) unable to get local issuer certificate","metadataStr":"[ERROR] [ghostText] [2024-01-25T06:49:55.220Z]","extra":["Error on ghost text request: (FetchError) unable to get local issuer certificate"]}}
It appears that the “unable to get local issuer certificate” error is thrown by the Node process in Eclipse.
For now, to solve this, at least on Windows, I’ve added this environment variable for Node:
setx NODE_EXTRA_CA_CERTS d:\mydir\corporate-certs.crt
The corporate-certs.crt file is a concatenation of the different certificates needed. To do this, create a new .pem or .crt file and add the content of each of the CA certificates. You should do this in the same order that you want them to be read. Make sure each certificate begins with —–BEGIN CERTIFICATE—– and ends with —–END CERTIFICATE—–. For example:
-----BEGIN CERTIFICATE----- MIIIEjCCBfqgAwIBAgIQbyVX/muJ77VXyVtaDJjOMzANBgkqhkiG9w0BAQsFADBv MQswCQYDVQ...etcetc -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIIEjCCBfqgAwIBAgIQbyVX/muJ77VXyVtaDJjOMzANBgkqhkiG9w0BAQsFADBv MQswCQYDVQ...etcetc -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIIEjCCBfqgAwIBAgIQbyVX/muJ77VXyVtaDJjOMzANBgkqhkiG9w0BAQsFADBv MQswCQYDVQ...etcetc -----END CERTIFICATE-----
With this environment variable, I managed to get it working.
edit:
you can obtain the corporate browsing certificates by using any web browser. Simply click on the padlock icon located near the URL of the page. This will allow you to view and export the certificate chain used by that website.- This topic was modified 10 months, 4 weeks ago by acamara.
wayneModeratorVery helpful feedback.
We will include this info in the new docs that are being drafted now.
Regards,
Wayne
idle-engineeringParticipantI have tried this approach and was able to successfully get completions working behind the company’s proxy…
…for a few days. Now completions no longer work behind the proxy. However I cannot properly debug the issue as there is nothing clearly visible in the logs.
LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot:
{“jsonrpc”:”2.0″,”id”:”17″,”result”:{“status”:”OK”,”user”:<blabla>}}
— seems to be able to communicatehowever completions fail with no explaination:
[2024-03-20T15:44:32.171184100+01:00] LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot:
{“jsonrpc”:”2.0″,”method”:”statusNotification”,”params”:{“status”:”InProgress”,”message”:””}}
[2024-03-20T15:44:32.171184100+01:00] LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot:
{“jsonrpc”:”2.0″,”method”:”LogMessage”,”params”:{“level”:1,”message”:”[INFO] [default] [2024-03-20T14:44:32.170Z] [fetchCompletions] engine https://copilot-proxy.githubusercontent.com/v1/engines/copilot-codex”,”metadataStr”:”[INFO] [default] [2024-03-20T14:44:32.170Z]”,”extra”:[“[fetchCompletions] engine https://copilot-proxy.githubusercontent.com/v1/engines/copilot-codex”%5D}}
[2024-03-20T15:44:32.289230600+01:00] LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot:
{“jsonrpc”:”2.0″,”method”:”LogMessage”,”params”:{“level”:1,”message”:”[INFO] [default] [2024-03-20T14:44:32.288Z] request.response: [https://copilot-proxy.githubusercontent.com/v1/engines/copilot-codex/completions] took 118 ms”,”metadataStr”:”[INFO] [default] [2024-03-20T14:44:32.288Z]”,”extra”:[“request.response: [https://copilot-proxy.githubusercontent.com/v1/engines/copilot-codex/completions] took 118 ms”]}}
[2024-03-20T15:44:32.290223300+01:00] LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot:
{“jsonrpc”:”2.0″,”method”:”statusNotification”,”params”:{“status”:”Warning”,”message”:””}}
[2024-03-20T15:44:32.291222800+01:00] LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot:
{“jsonrpc”:”2.0″,”id”:”111″,”result”:{“completions”:[],”cancellationReason”:”OtherFailure”}}
[2024-03-20T15:44:33.757321+01:00] LSP4E_TO_LANGUAGE_SERVER com.genuitec.copilot4eclipse.copilot:— so not really informative.
Any thoughts would be highly appreciated
- This reply was modified 9 months ago by idle-engineering.
ros2jsguyParticipant@idle-engineering
Thx for sharing the details. As you have indicated the log info is lacking details for why completion data is empty.A few questions:
1) Does this experience with empty completion data persist a 100% for over 24 hours?2) Have you restarted your machine and the problem still exists?
3) What OS or OSes are you using?
3a) Does this problem exist across multiple instances of Eclipse/Copilot4Eclipse – may not be applicable question?4) Have you signed out and back in from Copilot4Eclipse and also directly sign out/in from your GitHub account?
5) Would you be interested in trying a very recent developer build of Copilot4Eclipse ver 1.2? The next version includes upgraded api. If yes contact me at info@genuitec.com and reference this thread and me (Wayne).
Wayne
Copilot4Eclipse Dev Team
fidleyParticipantwhat about using in eclipse.ini following lines after -vmargs?
-Djavax.net.ssl.trustStore=NONE
-Djavax.net.ssl.trustStoreType=Windows-ROOTFor me this helps with certificates on Marketplace for example. It’s reading the certificates from Windows.
wayneModerator@fidley, the copilot api runs as a separate nodejs process that handles secure communications with github copilot services. An issue is nodejs is kind of funky in it’s visibility to system managed root certificates. Copilot4Eclipse uses the node modules win-ca, mac-ca and linux-ca for accessing system root certs for our nodejs process on the respective os platform. In most cases this is adequate. We are definitely open to expanding this support to address as many issues as practical.
Wayne
fidleyParticipantThanks for clarification
ClaRenGonParticipant@wayne, since the update to Copilot 1.2.0 i get often the error message with “Timeout” and the automatic completion is not working anymore. I’m sitting behind a company proxy which makes everything a bit tricky.
In the Logs i’ve seen following error message:
!ENTRY com.genuitec.copilot4eclipse 4 0 2024-05-27 10:56:31.458 !MESSAGE Cannot invoke "com.genuitec.copilot4eclipse.lsp.messages.CheckStatusResult.isSignedIn()" because "<parameter1>" is null !STACK 0 java.lang.NullPointerException: Cannot invoke "com.genuitec.copilot4eclipse.lsp.messages.CheckStatusResult.isSignedIn()" because "<parameter1>" is null at com.genuitec.copilot4eclipse.Copilot4Eclipse.notifyStatusChange(Unknown Source) at com.genuitec.copilot4eclipse.Copilot4Eclipse.lambda$0(Unknown Source) at com.genuitec.copilot4eclipse.Copilot4Eclipse$1.run(Unknown Source) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63) !ENTRY com.genuitec.copilot4eclipse 4 0 2024-05-27 10:56:32.284 !MESSAGE Timeout while checking Copilot status
Any help on this would be appreciated.
- This reply was modified 6 months, 3 weeks ago by ClaRenGon.
wayneModeratorHi,
The stacktrace indicates that our client api’s connection to GitHub Copilot services is timeout as the Copilot service is not responding in a timely manner or not responding at all.Can you describe a typical scenario or for when Copilot4Eclipse is not functioning correctly?
1. When you start up Eclipse are code suggestions being generated or Chat features are responsive?
1a. If yes, how long before Copilot4Eclipse goes into an error state?
2. Does Status Dialog have any useful error messages, e.g., select the Copilot4Eclipse menu > Status to open the dialog.
3. When Copilot4Eclipse is not functioning correctly does restarting Eclipse restore Copilot4Eclipse to a functional state?Wayne
Copilot4Eclipse Team
davidmichaelkarrParticipantI also am seeing very similar symptoms. I just installed the 0527 version, and it goes into the Error state just as quickly as it always has. When I restart Eclipse, it’s in the Ready state only briefly. I can probably get a few responses out of it before it fails. The status dialog doesn’t tell me anything more than the error log does, it just says “Timeout while checking Copilot status”.
wayneModerator> The status dialog doesn’t tell me anything more than the error log does, it just says “Timeout while checking Copilot status”.
We are working on an improvement for this situation. Hopefully as soon as early next week. I’ll post an update as soon as we have this update available.
Wayne
Copilot4Eclipse Team -
AuthorPosts