From d71d95b2603a7c01f24942824bd9cd4b4aa64035 Mon Sep 17 00:00:00 2001
From: Jackson Chen <90215880+Sma1lboy@users.noreply.github.com>
Date: Thu, 10 Oct 2024 21:41:33 -0500
Subject: [PATCH] fix(agent): adding try-catch during loading certs, prevent
 error (#3257)

---
 clients/tabby-agent/src/certsLoader.ts | 44 +++++++++++++++-----------
 1 file changed, 26 insertions(+), 18 deletions(-)

diff --git a/clients/tabby-agent/src/certsLoader.ts b/clients/tabby-agent/src/certsLoader.ts
index b5a765295def..1ea81f90bf1e 100644
--- a/clients/tabby-agent/src/certsLoader.ts
+++ b/clients/tabby-agent/src/certsLoader.ts
@@ -56,26 +56,34 @@ async function loadFromFiles(files: string) {
 }
 
 async function loadTlsCaCerts(config: ConfigData["tls"]) {
-  if (config.caCerts === "bundled") {
-    return;
-  } else if (config.caCerts === "system") {
-    if (process.platform === "win32") {
-      logger.debug(`Loading extra certs from win-ca.`);
-      winCa.exe(path.join("win-ca", "roots.exe"));
-      winCa({
-        fallback: true,
-        inject: "+",
-      });
-    } else if (process.platform === "darwin") {
-      logger.debug(`Loading extra certs from mac-ca.`);
-      const certs = macCa.get();
-      appendCaCerts(certs);
+  try {
+    if (config.caCerts === "bundled") {
+      return;
+    } else if (config.caCerts === "system") {
+      if (process.platform === "win32") {
+        logger.debug(`Loading extra certs from win-ca.`);
+        winCa.exe(path.join("win-ca", "roots.exe"));
+        winCa({
+          fallback: true,
+          inject: "+",
+        });
+      } else if (process.platform === "darwin") {
+        logger.debug(`Loading extra certs from mac-ca.`);
+        const certs = macCa.get();
+        appendCaCerts(certs);
+      } else {
+        // linux: load from openssl cert
+        await loadFromFiles(path.join("/etc/ssl/certs/ca-certificates.crt"));
+      }
+    } else if (config.caCerts) {
+      await loadFromFiles(config.caCerts);
+    }
+  } catch (err) {
+    if (err instanceof Error) {
+      logger.warn(`Error loading TLS CA certificates: ${err.message}`);
     } else {
-      // linux: load from openssl cert
-      await loadFromFiles(path.join("/etc/ssl/certs/ca-certificates.crt"));
+      logger.warn(`Unexpected error loading TLS CA certificates: ${String(err)}`);
     }
-  } else if (config.caCerts) {
-    await loadFromFiles(config.caCerts);
   }
 }