Merge pull request #120 from riyazdf/system-pool-fix

trust: do not call x509.SystemCertPool as nil will use this as default
2025-07-21 10:09:07 +00:00 · 2017-07-14 22:53:24 +01:00 · 2017-07-14 22:53:24 +01:00 · f035995b22
commit f035995b22
parent f255d671c6 c3b2c7d575
1 changed files with 1 additions and 7 deletions
--- a/src/moby/trust.go
+++ b/src/moby/trust.go
@ -194,13 +194,7 @@ func httpsTransport(caFile string) (*http.Transport, error) {
 		TLSClientConfig:     tlsConfig,
 	}
 	// Override with the system cert pool if the caFile was empty
-	if caFile == "" {
-		systemCertPool, err := x509.SystemCertPool()
-		if err != nil {
-			return nil, err
-		}
-		transport.TLSClientConfig.RootCAs = systemCertPool
-	} else {
+	if caFile != "" {
 		certPool := x509.NewCertPool()
 		pems, err := ioutil.ReadFile(caFile)
 		if err != nil {