Merge pull request #1770 from shiftstack/fix-certs-parse

k8s-ci-robot · web-flow · commit 85aed768becc · 2023-12-05T11:49:03.000+01:00
🐛 Verify success of parsing OpenStack cloud cacert
diff --git a/pkg/scope/provider.go b/pkg/scope/provider.go
@@ -224,7 +224,11 @@ func NewProviderClient(cloud clientconfig.Cloud, caCert []byte, logger logr.Logg
 	}
 	if caCert != nil {
 		config.RootCAs = x509.NewCertPool()
-		config.RootCAs.AppendCertsFromPEM(caCert)
+		ok := config.RootCAs.AppendCertsFromPEM(caCert)
+		if !ok {
+			// If no certificates were successfully parsed, set RootCAs to nil to use the host's root CA
+			config.RootCAs = nil
+		}
 	}
 
 	provider.HTTPClient.Transport = &http.Transport{Proxy: http.ProxyFromEnvironment, TLSClientConfig: config}

Original file line number	Diff line number	Diff line change
`@@ -224,7 +224,11 @@ func NewProviderClient(cloud clientconfig.Cloud, caCert []byte, logger logr.Logg`
`224`	`224`	`}`
`225`	`225`	`if caCert != nil {`
`226`	`226`	`config.RootCAs = x509.NewCertPool()`
`227`		`- config.RootCAs.AppendCertsFromPEM(caCert)`
	`227`	`+ ok := config.RootCAs.AppendCertsFromPEM(caCert)`
	`228`	`+ if !ok {`
	`229`	`+ // If no certificates were successfully parsed, set RootCAs to nil to use the host's root CA`
	`230`	`+ config.RootCAs = nil`
	`231`	`+ }`
`228`	`232`	`}`
`229`	`233`
`230`	`234`	`provider.HTTPClient.Transport = &http.Transport{Proxy: http.ProxyFromEnvironment, TLSClientConfig: config}`