fix: use host's root CA set if ClientTLS ca is not defined

Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
Kevin Pollet 2021-11-03 17:38:07 +01:00 committed by GitHub
parent 20dfb91948
commit b39d226fb8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 31 additions and 13 deletions


@ -30,7 +30,9 @@ func (clientTLS *ClientTLS) CreateTLSConfig(ctx context.Context) (*tls.Config, e
return nil, nil
}
caPool := x509.NewCertPool()
// Not initialized, to rely on system bundle.
var caPool *x509.CertPool
clientAuth := tls.NoClientCert
if clientTLS.CA != "" {
var ca []byte
@ -44,6 +46,7 @@ func (clientTLS *ClientTLS) CreateTLSConfig(ctx context.Context) (*tls.Config, e
ca = []byte(clientTLS.CA)
}
caPool = x509.NewCertPool()
if !caPool.AppendCertsFromPEM(ca) {
return nil, errors.New("failed to parse CA")
}