From 76c08baaa0cf91beed61ac12988b3ea67db57520 Mon Sep 17 00:00:00 2001 From: Nicola Murino Date: Wed, 10 Mar 2021 21:45:48 +0100 Subject: [PATCH] httpclient: load CA certificates only when required on Windows x509.SystemCertPool is not implemented and therefore we end uo with an empty certificate pool if we load the CA certificates unconditionally --- httpclient/httpclient.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/httpclient/httpclient.go b/httpclient/httpclient.go index 06b6e7b4..2f12c7b9 100644 --- a/httpclient/httpclient.go +++ b/httpclient/httpclient.go @@ -83,6 +83,9 @@ func (c *Config) Initialize(configDir string) error { // loadCACerts returns system cert pools and try to add the configured // CA certificates to it func (c *Config) loadCACerts(configDir string) (*x509.CertPool, error) { + if len(c.CACertificates) == 0 { + return nil, nil + } rootCAs, err := x509.SystemCertPool() if err != nil { rootCAs = x509.NewCertPool()