diff --git a/cmd/certs.go b/cmd/certs.go index 956e0a67d..cba822fbb 100644 --- a/cmd/certs.go +++ b/cmd/certs.go @@ -68,28 +68,6 @@ func parsePublicCertFile(certFile string) (x509Certs []*x509.Certificate, err er } func getRootCAs(certsCAsDir string) (*x509.CertPool, error) { - // Get all CA file names. - var caFiles []string - fis, err := readDir(certsCAsDir) - if err != nil && err != errFileNotFound { - return nil, err - } - // Return success if CA's directory is missing. - if err == errFileNotFound { - return nil, nil - } - for _, fi := range fis { - // Skip all directories. - if hasSuffix(fi, slashSeparator) { - continue - } - // We are only interested in regular files here. - caFiles = append(caFiles, pathJoin(certsCAsDir, fi)) - } - if len(caFiles) == 0 { - return nil, nil - } - rootCAs, _ := x509.SystemCertPool() if rootCAs == nil { // In some systems (like Windows) system cert pool is @@ -98,16 +76,26 @@ func getRootCAs(certsCAsDir string) (*x509.CertPool, error) { rootCAs = x509.NewCertPool() } - // Load custom root CAs for client requests - for _, caFile := range caFiles { - caCert, err := ioutil.ReadFile(caFile) - if err != nil { - return nil, err + fis, err := readDir(certsCAsDir) + if err != nil { + if err == errFileNotFound { + err = nil // Return success if CA's directory is missing. } - - rootCAs.AppendCertsFromPEM(caCert) + return rootCAs, err } + // Load all custom CA files. + for _, fi := range fis { + // Skip all directories. + if hasSuffix(fi, slashSeparator) { + continue + } + caCert, err := ioutil.ReadFile(pathJoin(certsCAsDir, fi)) + if err != nil { + return rootCAs, err + } + rootCAs.AppendCertsFromPEM(caCert) + } return rootCAs, nil }