fix tls certPool client regression (#263)

2020-08-31 21:40:33 -07:00
parent 30f5943f8a
commit 2b4606e773
1 changed files with 9 additions and 4 deletions
--- a/restapi/tls.go
+++ b/restapi/tls.go
@@ -27,9 +27,14 @@ import (
 )

 func getCertPool() *x509.CertPool {
+	rootCAs, _ := x509.SystemCertPool()
+	if rootCAs == nil {
+		// In some systems (like Windows) system cert pool is
+		// not supported or no certificates are present on the
+		// system - so we create a new cert pool.
+		rootCAs = x509.NewCertPool()
+	}
 	caCertFileNames := getMinioServerTLSRootCAs()
-	// If CAs certificates are configured we save them to the http.Client RootCAs store
-	certs := x509.NewCertPool()
 	for _, caCert := range caCertFileNames {
 		pemData, err := ioutil.ReadFile(caCert)
 		if err != nil {
@@ -37,9 +42,9 @@ func getCertPool() *x509.CertPool {
 			log.Println(err)
 			continue
 		}
-		certs.AppendCertsFromPEM(pemData)
+		rootCAs.AppendCertsFromPEM(pemData)
 	}
-	return certs
+	return rootCAs
 }

 var certPool = getCertPool()