- This topic has 6 replies, 5 voices, and was last updated 1 month ago by
.
-
Posts
-
Hello everyone,
Great job on the launch of version 1.0.0. The issues with connecting through the corporate proxy are almost resolved.
It seems that the system now recognizes the configured proxy and makes use of it. However, there’s an issue with proxies that replace SSL certificates with their own for network traffic content analysis.
The error in the language server logs looks like this:
[2024-01-25T07:49:55.222083100+01:00] LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot: {"jsonrpc":"2.0","method":"LogMessage","params":{"level":3,"message":"[ERROR] [ghostText] [2024-01-25T06:49:55.220Z] Error on ghost text request: (FetchError) unable to get local issuer certificate","metadataStr":"[ERROR] [ghostText] [2024-01-25T06:49:55.220Z]","extra":["Error on ghost text request: (FetchError) unable to get local issuer certificate"]}}It appears that the “unable to get local issuer certificate” error is thrown by the Node process in Eclipse.
For now, to solve this, at least on Windows, I’ve added this environment variable for Node:
setx NODE_EXTRA_CA_CERTS d:\mydir\corporate-certs.crtThe corporate-certs.crt file is a concatenation of the different certificates needed. To do this, create a new .pem or .crt file and add the content of each of the CA certificates. You should do this in the same order that you want them to be read. Make sure each certificate begins with —–BEGIN CERTIFICATE—– and ends with —–END CERTIFICATE—–. For example:
-----BEGIN CERTIFICATE----- MIIIEjCCBfqgAwIBAgIQbyVX/muJ77VXyVtaDJjOMzANBgkqhkiG9w0BAQsFADBv MQswCQYDVQ...etcetc -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIIEjCCBfqgAwIBAgIQbyVX/muJ77VXyVtaDJjOMzANBgkqhkiG9w0BAQsFADBv MQswCQYDVQ...etcetc -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIIEjCCBfqgAwIBAgIQbyVX/muJ77VXyVtaDJjOMzANBgkqhkiG9w0BAQsFADBv MQswCQYDVQ...etcetc -----END CERTIFICATE-----With this environment variable, I managed to get it working.
edit:
you can obtain the corporate browsing certificates by using any web browser. Simply click on the padlock icon located near the URL of the page. This will allow you to view and export the certificate chain used by that website.Very helpful feedback.
We will include this info in the new docs that are being drafted now.
Regards,
WayneI have tried this approach and was able to successfully get completions working behind the company’s proxy…
…for a few days. Now completions no longer work behind the proxy. However I cannot properly debug the issue as there is nothing clearly visible in the logs.
LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot:
{“jsonrpc”:”2.0″,”id”:”17″,”result”:{“status”:”OK”,”user”:<blabla>}}
— seems to be able to communicatehowever completions fail with no explaination:
[2024-03-20T15:44:32.171184100+01:00] LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot:
{“jsonrpc”:”2.0″,”method”:”statusNotification”,”params”:{“status”:”InProgress”,”message”:””}}
[2024-03-20T15:44:32.171184100+01:00] LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot:
{“jsonrpc”:”2.0″,”method”:”LogMessage”,”params”:{“level”:1,”message”:”[INFO] [default] [2024-03-20T14:44:32.170Z] [fetchCompletions] engine https://copilot-proxy.githubusercontent.com/v1/engines/copilot-codex”,”metadataStr”:”[INFO] [default] [2024-03-20T14:44:32.170Z]”,”extra”:[“[fetchCompletions] engine https://copilot-proxy.githubusercontent.com/v1/engines/copilot-codex”%5D}}
[2024-03-20T15:44:32.289230600+01:00] LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot:
{“jsonrpc”:”2.0″,”method”:”LogMessage”,”params”:{“level”:1,”message”:”[INFO] [default] [2024-03-20T14:44:32.288Z] request.response: [https://copilot-proxy.githubusercontent.com/v1/engines/copilot-codex/completions] took 118 ms”,”metadataStr”:”[INFO] [default] [2024-03-20T14:44:32.288Z]”,”extra”:[“request.response: [https://copilot-proxy.githubusercontent.com/v1/engines/copilot-codex/completions] took 118 ms”]}}
[2024-03-20T15:44:32.290223300+01:00] LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot:
{“jsonrpc”:”2.0″,”method”:”statusNotification”,”params”:{“status”:”Warning”,”message”:””}}
[2024-03-20T15:44:32.291222800+01:00] LANGUAGE_SERVER_TO_LSP4E com.genuitec.copilot4eclipse.copilot:
{“jsonrpc”:”2.0″,”id”:”111″,”result”:{“completions”:[],”cancellationReason”:”OtherFailure”}}
[2024-03-20T15:44:33.757321+01:00] LSP4E_TO_LANGUAGE_SERVER com.genuitec.copilot4eclipse.copilot:— so not really informative.
Any thoughts would be highly appreciated
@idle-engineering
Thx for sharing the details. As you have indicated the log info is lacking details for why completion data is empty.A few questions:
1) Does this experience with empty completion data persist a 100% for over 24 hours?2) Have you restarted your machine and the problem still exists?
3) What OS or OSes are you using?
3a) Does this problem exist across multiple instances of Eclipse/Copilot4Eclipse – may not be applicable question?4) Have you signed out and back in from Copilot4Eclipse and also directly sign out/in from your GitHub account?
5) Would you be interested in trying a very recent developer build of Copilot4Eclipse ver 1.2? The next version includes upgraded api. If yes contact me at info@genuitec.com and reference this thread and me (Wayne).
Wayne
Copilot4Eclipse Dev Teamwhat about using in eclipse.ini following lines after -vmargs?
-Djavax.net.ssl.trustStore=NONE
-Djavax.net.ssl.trustStoreType=Windows-ROOTFor me this helps with certificates on Marketplace for example. It’s reading the certificates from Windows.
@fidley, the copilot api runs as a separate nodejs process that handles secure communications with github copilot services. An issue is nodejs is kind of funky in it’s visibility to system managed root certificates. Copilot4Eclipse uses the node modules win-ca, mac-ca and linux-ca for accessing system root certs for our nodejs process on the respective os platform. In most cases this is adequate. We are definitely open to expanding this support to address as many issues as practical.
Wayne
