proxy: Add fallback to x509.NewCertPool() on Windows

cfergeau · cfergeau · commit e8735a355481 · 2021-09-28T09:50:40.000+02:00
On Windows, x509.SystemCertPool returns an error: golang/go#16736 This commit reverts to the behaviour before commit b50dc99 when catching such an error. This means https_proxy=https://... will be broken for non-mitm https proxies. Such proxies were not usable before the PR adding b50dc99, so this should not have much impact for our existing users. These CAs are used: - when accessing telemetry - when checking for a new crc version - when downloading binaries (only happens with git builds) This fixes crc-org#2770
diff --git a/pkg/crc/network/proxy.go b/pkg/crc/network/proxy.go
@@ -210,7 +210,8 @@ func (p *ProxyConfig) tlsConfig() (*tls.Config, error) {
 	}
 	caCertPool, err := x509.SystemCertPool()
 	if err != nil {
-		return nil, err
+		logging.Warnf("Could not load system CA pool")
+		caCertPool = x509.NewCertPool()
 	}
 	ok := caCertPool.AppendCertsFromPEM([]byte(p.ProxyCACert))
 	if !ok {

Original file line number	Diff line number	Diff line change
`@@ -210,7 +210,8 @@ func (p ProxyConfig) tlsConfig() (tls.Config, error) {`
`210`	`210`	`}`
`211`	`211`	`caCertPool, err := x509.SystemCertPool()`
`212`	`212`	`if err != nil {`
`213`		`- return nil, err`
	`213`	`+ logging.Warnf("Could not load system CA pool")`
	`214`	`+ caCertPool = x509.NewCertPool()`
`214`	`215`	`}`
`215`	`216`	`ok := caCertPool.AppendCertsFromPEM([]byte(p.ProxyCACert))`
`216`	`217`	`if !ok {`