mediar-ai/screenpipe

[bug] $150 screenpipe self signed certs issue - tls connection init failed

Closed this issue · 21 comments

describe the bug
brief description of the bug.

to reproduce

  1. Install screenpipe via homebrew
  2. Start screenpipe via command line

expected behavior
Seeing the following error:

2024-11-21T19:08:28.461123Z ERROR screenpipe: continuous recording error: request error: https://huggingface.co/openai/whisper-large-v3-turbo/resolve/main/config.json: Connection Failed: tls connection init failed: invalid peer certificate: UnknownIssuer

system info

  • os: 15.1 (24B83)
  • screenpipe version: 0.1.98

additional context
It's related to a self-signed certificate. The certificate is trusted in the macOS Keychain. However, it is not recognized by screenpipe. Is there a way to let screenpipe trust this self-signed cert?

are you in china or behind firewall?

Located in North Americas. I am on a corporate laptop so behind VPN/firewall stuff.

Update: If I stop the corporate VPN (GlobalProtect), the problem is gone.

@louis030195 Any updates on this? It would be great if we had system keychain/certificates imported by default. I believe currently I'm seeing this same issue due to ZScaler on our corporate machines.

some ideas from AI:

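use anyhow::{Context, Result};
use reqwest::Client;
use std::time::Duration;

pub fn create_client() -> Result<Client> {
    // reqwest picks up system proxy settings by default; the builder has no
    // use_system_proxy() method, so that call is dropped here.
    let client = Client::builder()
        .timeout(Duration::from_secs(30))
        // Keep reqwest's built-in root certificates enabled (the default). They come
        // from the OS trust store only when reqwest is built with native-tls or
        // rustls-tls-native-roots.
        .tls_built_in_root_certs(true)
        .build()
        .context("failed to create http client")?;

    Ok(client)
}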

@joshuaauger

i'm not sure where is the problem, should i send a PR to huggingface or is it something in our CLI code?

not familiar at all with this

huggingface/candle#2668

trying to figure out

@louis030195

I'm no rust developer, but I think rustls doesn't use the system certificates but native-tls does.

something similar to this:
#38
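An added example, not part of the thread or of screenpipe's code: a local lab that reproduces the trust-store mismatch discussed above, where a TLS-inspecting proxy re-signs traffic with a corporate CA that the OS trusts but the client's bundled roots do not. It assumes the `openssl` CLI is installed; every CA, key and the hostname `models.example.test` are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed lab: all keys, CAs and names are generated locally in a temp dir.
LAB=$(mktemp -d)

make_ca() {  # $1 = file prefix, $2 = subject CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$LAB/$1.key" -out "$LAB/$1.pem" 2>/dev/null
}

build_lab() {
    make_ca public "Constructed Public Root"         # stands in for a bundled web root
    make_ca corp   "Constructed Corp Inspection CA"  # stands in for the proxy's CA
    # Leaf certificate as the inspecting proxy would present it, signed by the corp CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=models.example.test" \
        -keyout "$LAB/leaf.key" -out "$LAB/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$LAB/leaf.csr" -CA "$LAB/corp.pem" -CAkey "$LAB/corp.key" \
        -CAcreateserial -days 1 -out "$LAB/leaf.pem" 2>/dev/null
    # "bundled": roots compiled into the client, no corporate CA.
    cp "$LAB/public.pem" "$LAB/bundled.pem"
    # "system": OS trust store where IT has installed the corporate CA.
    cat "$LAB/public.pem" "$LAB/corp.pem" > "$LAB/system.pem"
}

# $1 = bundled | system. Prints "ok", or "UnknownIssuer" (the name rustls uses
# in the logs above for a chain that ends at no trusted root).
verify_with_store() {
    if openssl verify -CAfile "$LAB/$1.pem" "$LAB/leaf.pem" >/dev/null 2>&1; then
        echo ok
    else
        echo UnknownIssuer
    fi
}

build_lab
echo "bundled roots: $(verify_with_store bundled)"
echo "system store:  $(verify_with_store system)"
```

The same leaf certificate passes or fails depending only on which root store the client consults, which is why the error disappears when the VPN is stopped or when the client is built to read the OS trust store.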

/bounty 150

💎 $150 bounty • Screenpi.pe

Steps to solve:

  1. Start working: Comment /attempt #730 with your implementation plan
  2. Submit work: Create a pull request including /claim #730 in the PR body to claim the bounty
  3. Receive payment: 100% of the bounty is received 2-5 days post-reward. Make sure you are eligible for payouts

Thank you for contributing to mediar-ai/screenpipe!


Attempt Started (GMT+0) Solution
🟢 @neo773 #982

💡 @neo773 submitted a pull request that claims the bounty. You can visit your bounty board to reward.

@neo773
I'm on macOS, trying to follow the build guide but I don't see any changes in behaviour. What do I need to do to build with your changes?

I see this message from screenpipe-audio, maybe I'm not building correctly:

[2024-12-16T01:53:04Z DEBUG rustls::client::hs] ALPN protocol is None
Error: request error: https://huggingface.co/distil-whisper/distil-large-v3/resolve/main/model.safetensors: Connection Failed: tls connection init failed: invalid peer certificate: UnknownIssuer

Caused by:
    0: https://huggingface.co/distil-whisper/distil-large-v3/resolve/main/model.safetensors: Connection Failed: tls connection init failed: invalid peer certificate: UnknownIssuer
    1: invalid peer certificate: UnknownIssuer

🎉🎈 @neo773 has been awarded $150! 🎈🎊

#986

Added a PR. This was required for me to get past the certificate issue. Not sure why the patch alone wasn't working, but I needed the features in the workspace dependencies, added the workspace = true to server, and added the feature to core. It didn't work without all of the changes.

Not sure if anything else broke, need someone to verify PR and do a full test.

@louis030195 let me know if we can run a test build with the changes!

Thanks!

neo773 commented

Yes, the issue was other workspace packages had conflicts with feature flags.

I couldn't really test it within screenpipe as I did not have the same setup as you, so I tested the changes within my fork of hf-hub and it worked fine.

Seems to be working now.

Awesome!
Thanks for confirming @neo773.

@joshuaauger @zy31415 is it working now?