Improved detection of cert errors (#82)

DonJayamanne · web-flow · commit c1005b4374cb · 2025-04-03T09:09:46.000+02:00
diff --git a/src/common/request.ts b/src/common/request.ts
@@ -7,6 +7,7 @@ import { Localized } from './localize';
 import { raceCancellationError } from './async';
 import { solveCertificateProblem } from './telemetry';
 import { traceError } from './logging';
+import { isSelfCertsError } from '../validator';
 
 /**
  * Responsible for intercepting connections to a remote server and asking for a password if necessary
@@ -27,7 +28,7 @@ export class SimpleFetch {
             );
         } catch (e) {
             traceError(`Error sending request to ${url}`, e);
-            if (e.message.indexOf('reason: self signed certificate') >= 0) {
+            if (isSelfCertsError(e)) {
                 // Ask user to change setting and possibly try again.
                 const value = await window.showErrorMessage(
                     Localized.jupyterSelfCertFail(e.message),
diff --git a/src/validator.ts b/src/validator.ts
@@ -356,7 +356,12 @@ function isUnableToGetIssuerCertError(err: Error) {
  * The URI entry box when picking a server. It should ask the user if they want to allow it anyway.
  */
 export function isSelfCertsError(err: Error) {
-    return err.message.indexOf('reason: self signed certificate') >= 0 || isUnableToGetIssuerCertError(err);
+    return (
+        err.message.indexOf('reason: self signed certificate') >= 0 ||
+        err.message.indexOf("is not in the cert's list") >= 0 ||
+        err.message.indexOf('reason: unable to verify the first certificate') >= 0 ||
+        isUnableToGetIssuerCertError(err)
+    );
 }
 
 export async function handleSelfCertsError(message: string): Promise<boolean> {
