Error when I install plugin_manager

[razvanab]

I use:
Continuous Release

lpm.exe install plugin_manager --assume-yes --trace
[ssl] SSL directory set to C:\Users\razva\miniconda3\Library\ssl\certs.
[ssl] mbedtls_x509_crt_parse_path on C:\Users\razva\miniconda3\Library\ssl\certs failed to parse 1 certificates, but still succeeded.
[libgit2]: Sending GET request to https://github.com/lite-xl/lite-xl-plugin-manager.git/info/refs?service=git-upload-pack
[libgit2]: Connecting to remote github.com port 443
Fetching https://github.com/lite-xl/lite-xl-plugin-manager.git:latest...
git remote fetch error: the SSL certificate is invalid: 0x08 - The certificate is not correctly signed by the trusted CA

[adamharrison]

Huh. That's super weird. Strange folder to use too.

lpm will, on windows, use your system's default certificate bundle, unless SSL_CERT_DIR or SSL_CERT_FILE are defined.

It looks like SSL_CERT_DIR is probably defined. Can you check that it is by doing echo $SSL_CERT_DIR?

If so, it's possible that that particularly certificate directory is corrupted. You can try undefining that variable, and then running lpm again; it should grab Windows' internal certificate bundle.

[razvanab]

Nothing when I run echo $SSL_CERT_DIR The output is just $SSL_CERT_DIR

[adamharrison]

Oh; good point right, it's on windows. Try echo %SSL_CERT_DIR%.

[razvanab]

Same, the variable is not set.

[razvanab]

I don't know if this helps, but I dug around a little and I found this about SSL.

openssl version -a                                                               
OpenSSL 3.4.0 22 Oct 2024 (Library: OpenSSL 3.4.0 22 Oct 2024)
built on: Tue Nov 12 02:07:17 2024 UTC
platform: VC-WIN64A
options:  bn(64,64)
compiler: cl.exe  /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"
OPENSSLDIR: "C:\Program Files\Common Files\ssl"
ENGINESDIR: "D:\bld\openssl_split_1731376827144\_h_env\Library\lib\engines-3"
MODULESDIR: "D:\bld\openssl_split_1731376827144\_h_env\Library\lib\ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0xfed8320b078bffff:0x209c01a9

[adamharrison]

Hrm. I guess try SSL_CERT_FILE? If that's not set, I honestly have no idea. lpm doesn't use openssl directories by default; it uses mbedtls, which is a different library, and I specifically tell it what to use in the code.

If it's not SSL_CERT_FILE, then soemthing's really wonky.

To just get it working, you can do --ssl-certs=noverify, but keep in mind this will open you to man in the middle attacks if you're on an untrusted network (realistically, probably not a huge likelihood, but generally bad practice).

I'll push a change so that you can override whatever the environment behavior to force pulling the system certificate bundle.

Either way though, plugin_manager itself uses lpm, so you'll have to probably pass it whatever command line options work to it in config.plugins.plugin_manager.ssl_certs.

[razvanab]

I understand the danger of that. I did use  -ssl-certs=noverify and it did work. Thanks