Skip to content

fix(amazonq): Remove setSystemCertificates from proxyUtil #7558

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 7, 2025
Merged

fix(amazonq): Remove setSystemCertificates from proxyUtil #7558

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 0 additions & 41 deletions packages/core/src/shared/utilities/proxyUtil.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,6 @@

import vscode from 'vscode'
import { getLogger } from '../logger/logger'
import { tmpdir } from 'os'
import { join } from 'path'
import * as nodefs from 'fs' // eslint-disable-line no-restricted-imports

interface ProxyConfig {
proxyUrl: string | undefined
Expand Down Expand Up @@ -73,9 +70,6 @@ export class ProxyUtil {
// Always enable experimental proxy support for better handling of both explicit and transparent proxies
process.env.EXPERIMENTAL_HTTP_PROXY_SUPPORT = 'true'

// Load built-in bundle and system OS trust store
process.env.NODE_OPTIONS = '--use-system-ca'

const proxyUrl = config.proxyUrl
// Set proxy environment variables
if (proxyUrl) {
Expand Down Expand Up @@ -104,41 +98,6 @@ export class ProxyUtil {
process.env.NODE_EXTRA_CA_CERTS = config.certificateAuthority
process.env.AWS_CA_BUNDLE = config.certificateAuthority
this.logger.debug(`Set certificate bundle path: ${config.certificateAuthority}`)
} else {
// Fallback to system certificates if no custom CA is configured
await this.setSystemCertificates()
}
}

/**
* Sets system certificates as fallback when no custom CA is configured
*/
private static async setSystemCertificates(): Promise<void> {
try {
const tls = await import('tls')
// @ts-ignore Get system certificates
const systemCerts = tls.getCACertificates('system')
// @ts-ignore Get any existing extra certificates
const extraCerts = tls.getCACertificates('extra')
const allCerts = [...systemCerts, ...extraCerts]
if (allCerts && allCerts.length > 0) {
this.logger.debug(`Found ${allCerts.length} certificates in system's trust store`)

const tempDir = join(tmpdir(), 'aws-toolkit-vscode')
if (!nodefs.existsSync(tempDir)) {
nodefs.mkdirSync(tempDir, { recursive: true })
}

const certPath = join(tempDir, 'vscode-ca-certs.pem')
const certContent = allCerts.join('\n')

nodefs.writeFileSync(certPath, certContent)
process.env.NODE_EXTRA_CA_CERTS = certPath
process.env.AWS_CA_BUNDLE = certPath
this.logger.debug(`Set system certificate bundle path: ${certPath}`)
}
} catch (err) {
this.logger.error(`Failed to extract system certificates: ${err}`)
}
}
}
Loading