curben
/
cloudflared-mirror
mirror of https://github.com/cloudflare/cloudflared.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

TUN-6779: cloudflared should also use the root CAs from system pool to validate edge certificate

This commit is contained in:
João Oliveirinha 2022-09-19 12:34:26 +01:00
parent de00396669
commit a0b6ba9b8d
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
tlsconfig/certreloader.go
View File

@ -131,7 +131,10 @@ func CreateTunnelConfig(c *cli.Context, serverName string) (*tls.Config, error)
}
if tlsConfig.RootCAs == nil {
rootCAPool := x509.NewCertPool()
rootCAPool, err := x509.SystemCertPool()
if err != nil {
return nil, errors.Wrap(err, "unable to get x509 system cert pool")
}
cfRootCA, err := GetCloudflareRootCA()
if err != nil {
return nil, errors.Wrap(err, "could not append Cloudflare Root CAs to cloudflared certificate pool")