merge system cert pool with own certs (#2226)

2023-05-25 10:10:58 +02:00 · 2023-05-25 10:10:58 +02:00 · 025f14f879
parent e5fe74ce77
commit 025f14f879
3 changed files with 21 additions and 3 deletions
--- a/pkg/acquisition/modules/kafka/kafka.go
+++ b/pkg/acquisition/modules/kafka/kafka.go
@ -214,7 +214,13 @@ func (kc *KafkaConfiguration) NewTLSConfig() (*tls.Config, error) {
 	if err != nil {
 		return &tlsConfig, err
 	}
-	caCertPool := x509.NewCertPool()
+	caCertPool, err := x509.SystemCertPool()
+	if err != nil {
+		return &tlsConfig, fmt.Errorf("unable to load system CA certificates: %w", err)
+	}
+	if caCertPool == nil {
+		caCertPool = x509.NewCertPool()
+	}
 	caCertPool.AppendCertsFromPEM(caCert)
 	tlsConfig.RootCAs = caCertPool

--- a/pkg/apiserver/apiserver.go
+++ b/pkg/apiserver/apiserver.go
@ -313,7 +313,13 @@ func (s *APIServer) GetTLSConfig() (*tls.Config, error) {
 			if err != nil {
 				return nil, errors.Wrap(err, "Error opening cert file")
 			}
-			caCertPool = x509.NewCertPool()
+			caCertPool, err = x509.SystemCertPool()
+			if err != nil {
+				log.Warnf("Error loading system CA certificates: %s", err)
+			}
+			if caCertPool == nil {
+				caCertPool = x509.NewCertPool()
+			}
 			caCertPool.AppendCertsFromPEM(caCert)
 		}
 	}
--- a/pkg/csconfig/api.go
+++ b/pkg/csconfig/api.go
@ -133,7 +133,13 @@ func (l *LocalApiClientCfg) Load() error {
 			return errors.Wrapf(err, "failed to load cacert")
 		}

-		caCertPool := x509.NewCertPool()
+		caCertPool, err := x509.SystemCertPool()
+		if err != nil {
+			log.Warningf("Error loading system CA certificates: %s", err)
+		}
+		if caCertPool == nil {
+			caCertPool = x509.NewCertPool()
+		}
 		caCertPool.AppendCertsFromPEM(caCert)
 		apiclient.CaCertPool = caCertPool
 	}