Use the OS-level CA certificate bundle(s) for network calls #19620

@elithrar

Summary

Zed does not leverage the user's operating system CA certificate store, nor does it support providing a custom bundle.

Description

Zed does not use OS-level CA certificate bundles, which causes it to fail to make any network call when installed in many corporate/security-conscious orgs that use forward proxy type infra/products to secure outbound traffic - e.g. Cloudflare Zero Trust, Zscaler, Palo Alto, Netskope, and many others.

Connections fail with an expected "invalid peer certificate" error as Zed's network libs don't trust the additionally installed cert.

Examples of things that fail:

  • Sign in
  • Updates
  • Collab features
  • Extension API calls (e.g. to AI providers)
  • etc

Somewhat related:

If applicable, add mockups / screenshots to help present your vision of the feature

Ideally:

  • Zed should use the OS CA cert bundles as the default. If users want to override Zed specifically, I could imagine Zed providing an option to override it within the app itself by providing a list of paths to valid CA bundles.
  • On macOS, Zed should use the OS keychain APIs to pull the cert bundle and ensure it is used by any network APIs Zed relies on.
  "ca_certificate_bundle": "os" | "custom" # where "os" is the default and uses OS APIs or default paths
  "ca_certificate_bundle_path": string[] # accepts an array of paths
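
An added example, not part of the original issue and not Zed's code: one way the two proposed settings could resolve to a TLS trust store, shown in Python with the standard `ssl` module. `build_tls_context` is a hypothetical name. Python's `ssl` does not read the macOS keychain, so the keychain behaviour requested above is outside what this block shows.

```python
import ssl

def build_tls_context(settings):
    """Return a verifying ssl.SSLContext for the settings proposed in the issue.

    ca_certificate_bundle      -> "os" (default) or "custom"
    ca_certificate_bundle_path -> list of PEM bundle paths, used for "custom"
    """
    mode = settings.get("ca_certificate_bundle", "os")
    paths = settings.get("ca_certificate_bundle_path", [])

    if mode == "os":
        # Loads the platform trust store (system store on Windows, OpenSSL
        # default paths elsewhere), so a CA that the organisation installed
        # OS-wide for its inspecting proxy is trusted without extra config.
        ctx = ssl.create_default_context()
    elif mode == "custom":
        if not paths:
            raise ValueError("'custom' requires ca_certificate_bundle_path")
        # Start from an empty store: only the listed bundles are trusted.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        for path in paths:
            try:
                ctx.load_verify_locations(cafile=path)
            except (OSError, ssl.SSLError) as exc:
                raise ValueError(f"cannot load CA bundle {path!r}: {exc}") from exc
        if ctx.cert_store_stats()["x509"] == 0:
            raise ValueError("no certificates found in the custom bundles")
    else:
        raise ValueError(f"unknown ca_certificate_bundle value: {mode!r}")

    # Fail closed: a bad setting must never fall back to an unverified
    # connection, so both checks stay on in every mode.
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise RuntimeError("TLS verification was disabled unexpectedly")
    return ctx
```

A missing, unreadable or empty bundle is reported as a configuration error instead of silently widening or disabling trust.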

Labels: area:network (Network connectivity issues, protocols and services support), meta:enterprise