UPSTREAM: <drop>: Revert "Add support for SSL env vars to cert pool watcher (#1672)"

This reverts commit d9af7f2.

Author: oceanc80

internal/httputil/certpoolwatcher.go

@@ -4,8 +4,6 @@ import (
 	"crypto/x509"
 	"fmt"
 	"os"
-	"slices"
-	"strings"
 	"sync"
 	"time"
 
@@ -46,26 +44,8 @@ func NewCertPoolWatcher(caDir string, log logr.Logger) (*CertPoolWatcher, error)
 	if err != nil {
 		return nil, err
 	}
-
-	// If the SSL_CERT_DIR or SSL_CERT_FILE environment variables are
-	// specified, this means that we have some control over the system root
-	// location, thus they may change, thus we should watch those locations.
-	watchPaths := strings.Split(os.Getenv("SSL_CERT_DIR"), ":")
-	watchPaths = append(watchPaths, caDir, os.Getenv("SSL_CERT_FILE"))
-	watchPaths = slices.DeleteFunc(watchPaths, func(p string) bool {
-		if p == "" {
-			return true
-		}
-		if _, err := os.Stat(p); err != nil {
-			return true
-		}
-		return false
-	})
-
-	for _, p := range watchPaths {
-		if err := watcher.Add(p); err != nil {
-			return nil, err
-		}
+	if err = watcher.Add(caDir); err != nil {
+		return nil, err
 	}
 
 	cpw := &CertPoolWatcher{

internal/httputil/certpoolwatcher_test.go

@@ -72,10 +72,6 @@ func TestCertPoolWatcher(t *testing.T) {
 	t.Logf("Create cert file at %q\n", certName)
 	createCert(t, certName)
 
-	// Update environment variables for the watcher - some of these should not exist
-	os.Setenv("SSL_CERT_DIR", tmpDir+":/tmp/does-not-exist.dir")
-	os.Setenv("SSL_CERT_FILE", "/tmp/does-not-exist.file")
-
 	// Create the cert pool watcher
 	cpw, err := httputil.NewCertPoolWatcher(tmpDir, log.FromContext(context.Background()))
 	require.NoError(t, err)