only append to system cert pool on non-windows os

SystemCertPool is not supported on windows in go 1.7. see golang/go#16736 Once 1.8 is released we can remove special condition and always append to system cert pool. [#133304007] Signed-off-by: Maria Shaldibina <mshaldibina@pivotal.io>
vmware-archive · Nov 21, 2016 · 6348c48 · 6348c48
1 parent 5a2cf35
commit 6348c48
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 5 deletions.
diff --git a/rc/target.go b/rc/target.go
@@ -8,6 +8,7 @@ import (
  "net"
  "net/http"
  "os"
+ "runtime"
  "time"
 
  "github.com/concourse/fly/ui"
@@ -335,10 +336,20 @@ func loadCACertPool(caCert string) (cert *x509.CertPool, err error) {
  return nil, nil
  }
 
- pool, err := x509.SystemCertPool()
- if err != nil {
- return nil, err
+ // TODO: remove else block once we switch to go 1.8
+ // x509.SystemCertPool is not supported in go 1.7 on Windows
+ // see: https://github.com/golang/go/issues/16736
+ var pool *x509.CertPool
+ if runtime.GOOS != "windows" {
+ var err error
+ pool, err = x509.SystemCertPool()
+ if err != nil {
+ return nil, err
+ }
+ } else {
+ pool = x509.NewCertPool()
  }
+
  ok := pool.AppendCertsFromPEM([]byte(caCert))
  if !ok {
  return nil, errors.New("CA Cert not valid")

diff --git a/rc/target_test.go b/rc/target_test.go
@@ -7,6 +7,7 @@ import (
  "net/http"
  "os"
  "path/filepath"
+ "runtime"
 
  "github.com/concourse/fly/rc"
  "golang.org/x/oauth2"
@@ -114,8 +115,13 @@ AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
  base, ok := (*transport).Base.(*http.Transport)
  Expect(ok).To(BeTrue())
 
- expectedCaCertPool, err := x509.SystemCertPool()
- Expect(err).NotTo(HaveOccurred())
+ var expectedCaCertPool *x509.CertPool
+ if runtime.GOOS != "windows" {
+ expectedCaCertPool, err = x509.SystemCertPool()
+ Expect(err).NotTo(HaveOccurred())
+ } else {
+ expectedCaCertPool = x509.NewCertPool()
+ }
  ok = expectedCaCertPool.AppendCertsFromPEM([]byte(rootCA))
  Expect(ok).To(BeTrue())