X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/9df4d7da24ef8be639af1ab806cf833ee544fb45..3dd2a1957ae4106bfc2bd5405662c47c087eb79c:/sdk/go/crunchrunner/crunchrunner.go

diff --git a/sdk/go/crunchrunner/crunchrunner.go b/sdk/go/crunchrunner/crunchrunner.go
index 7d09a5d240..14c75afff2 100644
--- a/sdk/go/crunchrunner/crunchrunner.go
+++ b/sdk/go/crunchrunner/crunchrunner.go
@@ -11,7 +11,6 @@ import (
 	"os"
 	"os/exec"
 	"os/signal"
-	"path"
 	"strings"
 	"syscall"
 )
@@ -327,14 +326,23 @@ func main() {
 		log.Fatal(err)
 	}
 
-	certpath := path.Join(path.Dir(os.Args[0]), "ca-certificates.crt")
-	certdata, err := ioutil.ReadFile(certpath)
-	if err == nil {
-		log.Printf("Using TLS certificates at %v", certpath)
-		certs := x509.NewCertPool()
-		certs.AppendCertsFromPEM(certdata)
-		api.Client.Transport.(*http.Transport).TLSClientConfig.RootCAs = certs
+	// Container may not have certificates installed, so need to look for
+	// /etc/arvados/ca-certificates.crt in addition to normal system certs.
+	var certFiles = []string{
+		"/etc/ssl/certs/ca-certificates.crt", // Debian
+		"/etc/pki/tls/certs/ca-bundle.crt",   // Red Hat
+		"/etc/arvados/ca-certificates.crt",
+	}
+
+	certs := x509.NewCertPool()
+	for _, file := range certFiles {
+		data, err := ioutil.ReadFile(file)
+		if err == nil {
+			log.Printf("Using TLS certificates at %v", file)
+			certs.AppendCertsFromPEM(data)
+		}
 	}
+	api.Client.Transport.(*http.Transport).TLSClientConfig.RootCAs = certs
 
 	jobUuid := os.Getenv("JOB_UUID")
 	taskUuid := os.Getenv("TASK_UUID")