trust: do not call x509.SystemCertPool as nil will use this as default

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2025-09-04 08:26:42 +00:00 · 2017-07-14 14:39:39 -07:00
parent f255d671c6
commit c3b2c7d575
1 changed files with 1 additions and 7 deletions
--- a/src/moby/trust.go
+++ b/src/moby/trust.go
@@ -194,13 +194,7 @@ func httpsTransport(caFile string) (*http.Transport, error) {
 		TLSClientConfig:     tlsConfig,
 	}
 	// Override with the system cert pool if the caFile was empty
-	if caFile == "" {
-		systemCertPool, err := x509.SystemCertPool()
-		if err != nil {
-			return nil, err
-		}
-		transport.TLSClientConfig.RootCAs = systemCertPool
-	} else {
+	if caFile != "" {
 		certPool := x509.NewCertPool()
 		pems, err := ioutil.ReadFile(caFile)
 		if err != nil {