json-language-features is attempting to use expired certificates when valid certificates are available

[ccopsey]

Type: Bug

Inside my corporate environment we have self-signed man-in-the-middle certificates protecting internet traffic. The certificates are distributed to Windows clients via Group Policy. A number of these certificates have expired, although valid certificates are also present. No other software seems to care, but vscode.json-language-features complains certificate has expired. It doesn't find the good certificates.

• If I manually remove the expired certificates, no errors are logged. But Group Policy pushes them back out periodically.
• If I take a laptop which exhibits this issue out of the corporate environment, no errors are logged.

Please let me know if there is any extra information I can provide, or logs I can look for.

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  ...
}

[2022-10-06 11:17:44.461] [exthost] [trace] [DiagnosticCollection] change many (extension, owner, uris) 
vscode.json-language-features _generated_diagnostic_collection_name_#1 
[
  [
    {
      "$mid":1,
      "fsPath":"******\\default.json",
      "_sep":1,
      "external":"file:///******/default.json",
      "path":"/******/default.json",
      "scheme":"file"
    },
    [
      {
        "startLineNumber":2,
        "startColumn":14,
        "endLineNumber":2,
        "endColumn":65,
        "message":"Unable to load schema from 'https://docs.renovatebot.com/renovate-schema.json': certificate has expired.",
        "code":"768",
        "severity":4
      }
    ]
  ]
]

VS Code version: Code 1.71.2 (74b1f97, 2022-09-14T21:03:37.738Z)
OS version: Windows_NT x64 10.0.19042
Modes:
Sandboxed: No

Extensions: none

[aeschli]

The schema is loaded in the extension host, using the http/https node modules.

[ccopsey]

I tried chasing this a little more and I think root of the issue lies here: ukoloff/win-ca#41