projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
10684: Add -ca-certs option
[arvados.git]
/
sdk
/
go
/
arvadosclient
/
arvadosclient.go
diff --git
a/sdk/go/arvadosclient/arvadosclient.go
b/sdk/go/arvadosclient/arvadosclient.go
index dc3eddba6518940d0793e519b503e9a5df361e93..021b9471ff93814b81c933923e819f821efd8f1b 100644
(file)
--- a/
sdk/go/arvadosclient/arvadosclient.go
+++ b/
sdk/go/arvadosclient/arvadosclient.go
@@
-105,7
+105,11
@@
type ArvadosClient struct {
Retries int
}
Retries int
}
-var CertFiles = []string{"/etc/arvados/ca-certificates.crt"}
+var CertFiles = []string{
+ "/etc/arvados/ca-certificates.crt",
+ "/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc.
+ "/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL
+}
// MakeTLSConfig sets up TLS configuration for communicating with Arvados and Keep services.
func MakeTLSConfig(insecure bool) *tls.Config {
// MakeTLSConfig sets up TLS configuration for communicating with Arvados and Keep services.
func MakeTLSConfig(insecure bool) *tls.Config {
@@
-119,14
+123,14
@@
func MakeTLSConfig(insecure bool) *tls.Config {
if err == nil {
success := certs.AppendCertsFromPEM(data)
if !success {
if err == nil {
success := certs.AppendCertsFromPEM(data)
if !success {
- fmt.
Errorf("Did not
load any certificates from %v", file)
+ fmt.
Printf("Unable to
load any certificates from %v", file)
} else {
tlsconfig.RootCAs = certs
break
}
}
}
} else {
tlsconfig.RootCAs = certs
break
}
}
}
- // Will use system default CA roots i
f /etc/arvados/ca-certificates.crt not foun
d.
+ // Will use system default CA roots i
nstea
d.
}
return &tlsconfig
}
return &tlsconfig