httpclient: load CA certificates only when required

on Windows x509.SystemCertPool is not implemented and therefore we end uo with an empty certificate pool if we load the CA certificates unconditionally
2025-12-07 14:50:55 +03:00 · 2021-03-10 21:45:48 +01:00
parent 67ea75cf03
commit 76c08baaa0
1 changed files with 3 additions and 0 deletions
--- a/httpclient/httpclient.go
+++ b/httpclient/httpclient.go
@@ -83,6 +83,9 @@ func (c *Config) Initialize(configDir string) error {
 // loadCACerts returns system cert pools and try to add the configured
 // CA certificates to it
 func (c *Config) loadCACerts(configDir string) (*x509.CertPool, error) {
+	if len(c.CACertificates) == 0 {
+		return nil, nil
+	}
 	rootCAs, err := x509.SystemCertPool()
 	if err != nil {
 		rootCAs = x509.NewCertPool()