From 6348c4898e75b512550c3c495a0633032473b5ff Mon Sep 17 00:00:00 2001 From: Anisha Hirji Date: Mon, 21 Nov 2016 10:33:33 -0800 Subject: [PATCH] only append to system cert pool on non-windows os SystemCertPool is not supported on windows in go 1.7. see https://github.com/golang/go/issues/16736 Once 1.8 is released we can remove special condition and always append to system cert pool. [#133304007] Signed-off-by: Maria Shaldibina --- rc/target.go | 17 ++++++++++++++--- rc/target_test.go | 10 ++++++++-- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/rc/target.go b/rc/target.go index 2767191..84d6485 100644 --- a/rc/target.go +++ b/rc/target.go @@ -8,6 +8,7 @@ import ( "net" "net/http" "os" + "runtime" "time" "github.com/concourse/fly/ui" @@ -335,10 +336,20 @@ func loadCACertPool(caCert string) (cert *x509.CertPool, err error) { return nil, nil } - pool, err := x509.SystemCertPool() - if err != nil { - return nil, err + // TODO: remove else block once we switch to go 1.8 + // x509.SystemCertPool is not supported in go 1.7 on Windows + // see: https://github.com/golang/go/issues/16736 + var pool *x509.CertPool + if runtime.GOOS != "windows" { + var err error + pool, err = x509.SystemCertPool() + if err != nil { + return nil, err + } + } else { + pool = x509.NewCertPool() } + ok := pool.AppendCertsFromPEM([]byte(caCert)) if !ok { return nil, errors.New("CA Cert not valid") diff --git a/rc/target_test.go b/rc/target_test.go index ab90498..2b81cb6 100644 --- a/rc/target_test.go +++ b/rc/target_test.go @@ -7,6 +7,7 @@ import ( "net/http" "os" "path/filepath" + "runtime" "github.com/concourse/fly/rc" "golang.org/x/oauth2" @@ -114,8 +115,13 @@ AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k base, ok := (*transport).Base.(*http.Transport) Expect(ok).To(BeTrue()) - expectedCaCertPool, err := x509.SystemCertPool() - Expect(err).NotTo(HaveOccurred()) + var expectedCaCertPool *x509.CertPool + if runtime.GOOS != "windows" { + expectedCaCertPool, err = x509.SystemCertPool() + Expect(err).NotTo(HaveOccurred()) + } else { + expectedCaCertPool = x509.NewCertPool() + } ok = expectedCaCertPool.AppendCertsFromPEM([]byte(rootCA)) Expect(ok).To(BeTrue())