Unable to configure corporate certificate authority, extension throws sun.security.provider.certpath.SunCertPathBuilderException

[aj-stein-gsa]

I have tried a variety of user and workspace settings in VS Code IDE with the current version info with version v0.27.1 of this plugin:

Version: 1.94.0 (Universal)
Commit: d78a74bcdfad14d5d3b1b782f87255d802b57511
Date: 2024-10-02T13:08:12.626Z (1 day ago)
Electron: 30.5.1
ElectronBuildId: 10262041
Chromium: 124.0.6367.243
Node.js: 20.16.0
V8: 12.4.254.20-electron.0
OS: Darwin arm64 23.6.0

We are behind a corporate network security system that can and does intercept HTTPS and opt to use its own certificate authority, not the official ones common to HTTPS services their owners deploy. This security service is an aggressive proxy, so the local proxy settings or TLS configurations are not effective unless I ignore all certificate errors in VS Code. Network settings ensure I use the CA for traffic intercept. Personally, disabling all cert checks is beyond my risk appetite and I do not want to do that. This extension does not seem to have a documented way to load certificate authorities and it does not seem to use the macOS operating system default (Keychain), as other VS Code components do not have this issue. I only see the below are on any XML processing instruction, <?xml-model?>, xsi:schemaLocation, and DOCTYPE URLs. They all have the following error.

Error while downloading 'https://qualysguard.qg2.apps.qualys.com/scan-1.dtd' to '/Users/me/.lemminx/cache/https/qualysguard.qg2.apps.qualys.com/scan-1.dtd' : '[sun.security.provider.certpath.SunCertPathBuilderException] unable to find valid certification path to requested target'.

Is there a system to relax this? Would a PR be welcome to fix this issue? It frequently impacts my development team. In either case, thanks again for excellent software. I have been using this extension reliable for a long while, and I very much appreciate the prodiguous effort that went into it.