From f5a980949d6bcfd4f6df115b2f6d08bbb450c71f Mon Sep 17 00:00:00 2001
From: Christophe Fergeau <cfergeau@redhat.com>
Date: Tue, 28 Sep 2021 09:45:14 +0200
Subject: [PATCH] proxy: Add fallback to x509.NewCertPool() on Windows

On Windows, x509.SystemCertPool returns an error:
https://github.com/golang/go/issues/16736

This commit reverts to the behaviour before commit b50dc99 when catching
such an error. This means https_proxy=https://... will be broken for
non-mitm https proxies. Such proxies were not usable before the PR
adding b50dc99, so this should not have much impact for our existing
users.

These CAs are used:
- when accessing telemetry
- when checking for a new crc version
- when downloading binaries (only happens with git builds)

This fixes https://github.com/code-ready/crc/issues/2770
---
 pkg/crc/network/proxy.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/crc/network/proxy.go b/pkg/crc/network/proxy.go
index 0a24155536..eb176e1b67 100644
--- a/pkg/crc/network/proxy.go
+++ b/pkg/crc/network/proxy.go
@@ -210,7 +210,8 @@ func (p *ProxyConfig) tlsConfig() (*tls.Config, error) {
 	}
 	caCertPool, err := x509.SystemCertPool()
 	if err != nil {
-		return nil, err
+		logging.Warnf("Could not load system CA pool: %v", err)
+		caCertPool = x509.NewCertPool()
 	}
 	ok := caCertPool.AppendCertsFromPEM([]byte(p.ProxyCACert))
 	if !ok {