From 30042ac3a0e4a36d097a4cce1b88f3fb3caf9621 Mon Sep 17 00:00:00 2001
From: Daishan <daishan@rancher.com>
Date: Mon, 3 May 2021 17:51:44 -0700
Subject: [PATCH] Don't append CA if url is behind public CA

---
 pkg/aggregation/server.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/pkg/aggregation/server.go b/pkg/aggregation/server.go
index a02e12d..3f68598 100644
--- a/pkg/aggregation/server.go
+++ b/pkg/aggregation/server.go
@@ -26,10 +26,12 @@ func ListenAndServe(ctx context.Context, url string, caCert []byte, token string
 			InsecureSkipVerify: true,
 		}
 	} else if len(caCert) > 0 {
-		pool := x509.NewCertPool()
-		pool.AppendCertsFromPEM(caCert)
-		dialer.TLSClientConfig = &tls.Config{
-			RootCAs: pool,
+		if _, err := http.Get(url); err != nil {
+			pool := x509.NewCertPool()
+			pool.AppendCertsFromPEM(caCert)
+			dialer.TLSClientConfig = &tls.Config{
+				RootCAs: pool,
+			}
 		}
 	}