merge system cert pool with own certs (#2226)
This commit is contained in:
parent
e5fe74ce77
commit
025f14f879
|
@ -214,7 +214,13 @@ func (kc *KafkaConfiguration) NewTLSConfig() (*tls.Config, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return &tlsConfig, err
|
return &tlsConfig, err
|
||||||
}
|
}
|
||||||
caCertPool := x509.NewCertPool()
|
caCertPool, err := x509.SystemCertPool()
|
||||||
|
if err != nil {
|
||||||
|
return &tlsConfig, fmt.Errorf("unable to load system CA certificates: %w", err)
|
||||||
|
}
|
||||||
|
if caCertPool == nil {
|
||||||
|
caCertPool = x509.NewCertPool()
|
||||||
|
}
|
||||||
caCertPool.AppendCertsFromPEM(caCert)
|
caCertPool.AppendCertsFromPEM(caCert)
|
||||||
tlsConfig.RootCAs = caCertPool
|
tlsConfig.RootCAs = caCertPool
|
||||||
|
|
||||||
|
|
|
@ -313,7 +313,13 @@ func (s *APIServer) GetTLSConfig() (*tls.Config, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.Wrap(err, "Error opening cert file")
|
return nil, errors.Wrap(err, "Error opening cert file")
|
||||||
}
|
}
|
||||||
caCertPool = x509.NewCertPool()
|
caCertPool, err = x509.SystemCertPool()
|
||||||
|
if err != nil {
|
||||||
|
log.Warnf("Error loading system CA certificates: %s", err)
|
||||||
|
}
|
||||||
|
if caCertPool == nil {
|
||||||
|
caCertPool = x509.NewCertPool()
|
||||||
|
}
|
||||||
caCertPool.AppendCertsFromPEM(caCert)
|
caCertPool.AppendCertsFromPEM(caCert)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -133,7 +133,13 @@ func (l *LocalApiClientCfg) Load() error {
|
||||||
return errors.Wrapf(err, "failed to load cacert")
|
return errors.Wrapf(err, "failed to load cacert")
|
||||||
}
|
}
|
||||||
|
|
||||||
caCertPool := x509.NewCertPool()
|
caCertPool, err := x509.SystemCertPool()
|
||||||
|
if err != nil {
|
||||||
|
log.Warningf("Error loading system CA certificates: %s", err)
|
||||||
|
}
|
||||||
|
if caCertPool == nil {
|
||||||
|
caCertPool = x509.NewCertPool()
|
||||||
|
}
|
||||||
caCertPool.AppendCertsFromPEM(caCert)
|
caCertPool.AppendCertsFromPEM(caCert)
|
||||||
apiclient.CaCertPool = caCertPool
|
apiclient.CaCertPool = caCertPool
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue