[bug] $150 screenpipe self signed certs issue - tls connection init failed
Closed this issue · 21 comments
describe the bug
brief description of the bug.
to reproduce
- Install screenpipe via homebrew
- Start screenpipe via command line
expected behavior
Seeing the following error:
2024-11-21T19:08:28.461123Z ERROR screenpipe: continuous recording error: request error: https://huggingface.co/openai/whisper-large-v3-turbo/resolve/main/config.json: Connection Failed: tls connection init failed: invalid peer certificate: UnknownIssuer
system info
- os: 15.1 (24B83)
- screenpipe version: 0.1.98
additional context
It's related to a self signed certificate. The certificate is trusted in the MacOs KeyChain. However, it is not recognized by screenpipe. Is there a way to let screenpipe trust this self signed cert?
are you in china or behind firewall?
Located in North Americas. I am on a corporate laptop so behind VPN/firewall stuff.
Update: If I stop the corporate VPN (GlobalProtect), the problem is gone.
@louis030195 Any updates on this, it would be great if we had system keychain/certificates imported by default. I believe currently I'm seeing this same issue due to ZScaler on our corporate machines.
some ideas from AI:
use reqwest::Client;
use std::time::Duration;
pub fn create_client() -> Result<Client> {
let client = Client::builder()
.timeout(Duration::from_secs(30))
.use_system_proxy() // Use system proxy settings
.tls_built_in_root_certs(true) // Use system root certificates
.build()
.context("failed to create http client")?;
Ok(client)
}
i'm not sure where is the problem, should i send a PR to huggingface or is it something in our CLI code?
not familiar at all with this
trying to figure out
I'm no rust developer, but I think rustls doesn't use the system certificates but native-tls does.
something similar to this:
#38
/bounty 150
💎 $150 bounty • Screenpi.pe
Steps to solve:
- Start working: Comment
/attempt #730
with your implementation plan - Submit work: Create a pull request including
/claim #730
in the PR body to claim the bounty - Receive payment: 100% of the bounty is received 2-5 days post-reward. Make sure you are eligible for payouts
Thank you for contributing to mediar-ai/screenpipe!
Add a bounty • Share on socials
Attempt | Started (GMT+0) | Solution |
---|---|---|
🟢 @neo773 | #982 |
💡 @neo773 submitted a pull request that claims the bounty. You can visit your bounty board to reward.
@neo773
I'm on MacOS, trying to follow the build guide but I don't see any changes in behaviour. What do I need to do to build with your changes?
I see this message from screenpipe-audio, maybe I'm not building correctly:
[2024-12-16T01:53:04Z DEBUG rustls::client::hs] ALPN protocol is None
Error: request error: https://huggingface.co/distil-whisper/distil-large-v3/resolve/main/model.safetensors: Connection Failed: tls connection init failed: invalid peer certificate: UnknownIssuer
Caused by:
0: https://huggingface.co/distil-whisper/distil-large-v3/resolve/main/model.safetensors: Connection Failed: tls connection init failed: invalid peer certificate: UnknownIssuer
1: invalid peer certificate: UnknownIssuer
🎉🎈 @neo773 has been awarded $150! 🎈🎊
Added a PR, this was required for me to get past the certificate issue, not sure why the patch alone wasn't working, but I needed the features in the workspace dependencies, added the workspace = true
to server, and added the feature to core, didn't work without all of the changes
Not sure if anything else broke, need someone to verify PR and do a full test.
@louis030195 let me know if we can run a test build with the changes!
Thanks!
Yes, the issue was other workspace packages had conflicts with feature flags.
I couldn't really test it within screenpipe as I did not have the same setup as you so I tested the changes within my fork of hf-hub
and it worked fine .
Seems to be working now.
Awesome!
Thanks for confirming @neo773.
@joshuaauger @zy31415 is it working now?