Skip to content

Commit

Permalink
proxy: Add fallback to x509.NewCertPool() on Windows
Browse files Browse the repository at this point in the history 
On Windows, x509.SystemCertPool returns an error:
golang/go#16736

This commit reverts to the behaviour before commit b50dc99 when catching
such an error. This means https_proxy=https://... will be broken for
non-mitm https proxies. Such proxies were not usable before the PR
adding b50dc99, so this should not have much impact for our existing
users.

These CAs are used:
- when accessing telemetry
- when checking for a new crc version
- when downloading binaries (only happens with git builds)

This fixes crc-org#2770
  • Loading branch information
@cfergeau
cfergeau committed Sep 28, 2021
1 parent 3cfaa10 commit e8735a3
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion pkg/crc/network/proxy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -210,7 +210,8 @@ func (p *ProxyConfig) tlsConfig() (*tls.Config, error) {
}
caCertPool, err := x509.SystemCertPool()
if err != nil {
return nil, err
logging.Warnf("Could not load system CA pool")
caCertPool = x509.NewCertPool()
}
ok := caCertPool.AppendCertsFromPEM([]byte(p.ProxyCACert))
if !ok {
Expand Down

0 comments on commit e8735a3

Please sign in to comment.