Add support for proxies like Cloudflare Warp or Netskope
ginolegigot opened this issue · comments
Preflight Checklist
- I have read the Contributing Guidelines for this project.
- I agree to follow the Code of Conduct that this project adheres to.
- I have searched the issue tracker for a feature request that matches the one I want to file, without success.
Problem Description
Hello,
Currently i'm using Cloudflare Warp have issues with Cloudflare certificates issuer not recognized.
I tried to add Cloudflare Warp CA in the recent trusted certificates folder on the nightly version (v6.7.1-nightly.14 and v6.7.1-nightly.11) which brings this feature (#1545) but it did not work.
I'm on Ubuntu 22.04 using the nightly version of Ferdium with Snap (also tried the deb package of the nightly edition).
Some logs:
[8614:0207/101752.432920:ERROR:ssl_client_socket_impl.cc(975)] handshake failed; returned -1, SSL error code 1, net_error -202
[7220:0207/101752.938335:ERROR:cert_verify_proc_builtin.cc(705)] CertVerifyProcBuiltin for discord.com failed:
----- Certificate i=1 (OU=Gateway Intermediate ECC Certificate Authority,O=Cloudflare\, Inc.,L=San Francisco,ST=California,C=US) -----
ERROR: No matching issuer found
[8614:0207/101752.938540:ERROR:ssl_client_socket_impl.cc(975)] handshake failed; returned -1, SSL error code 1, net_error -202
[8614:0207/101753.467530:ERROR:ssl_client_socket_impl.cc(975)] handshake failed; returned -1, SSL error code 1, net_error -202
Proposed Solution
Maybe just inherit from trusted certificates from the system (typically in ubuntu the trusted certs will be stored in /etc/ssl/certs or /usr/share/ca-certificates which would enlarge the trusted certificates support to this kind of proxy and allow to reach basic services like discord to work with this kind of "proxy"
Alternatives Considered
I did not find any alternatives other than switching app from ferdium to a pwa app or web app. fwiw, rambox has also the same issue for teams for linux for example does not
Additional Information
No response