fix: If downloading fails and a "custom" RootCA was declared in TLSCl…

…ientConfig, retry download with default RootCA. (#39) On Windows x509.SystemCertPool() always returns nil which means that Windows users with NODE_EXTRA_CA_CERTS defined will only get the NODE_EXTRA_CA_CERTS. Therefore, if RootCAs was created, and the download fail, retry with RootCAs as nil to allow Go to figure out the proper CAs. Signed-off-by: Samuel HULTGREN <[email protected]>
develar · Jul 27, 2020 · 8bef6b3 · 8bef6b3
1 parent b857403
commit 8bef6b3
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/pkg/download/downloader.go b/pkg/download/downloader.go
@@ -109,6 +109,20 @@ func NewDownloaderWithTransport(transport *http.Transport) *Downloader {
 }
 
 func (t *Downloader) Download(url string, output string, sha512 string) error {
+	err := t.DownloadNoRetry(url, output, sha512)
+	if err != nil {
+		if t.Transport.TLSClientConfig != nil && t.Transport.TLSClientConfig.RootCAs != nil {
+			log.Warn("Failed to download using specified CAs, retrying with default System CAs only")
+			origRootCAs := t.Transport.TLSClientConfig.RootCAs
+			t.Transport.TLSClientConfig.RootCAs = nil
+			err = t.DownloadNoRetry(url, output, sha512)
+			t.Transport.TLSClientConfig.RootCAs = origRootCAs
+		}
+	}
+	return err
+}
+
+func (t *Downloader) DownloadNoRetry(url string, output string, sha512 string) error {
 	start := time.Now()
 
 	actualLocation, err := t.follow(url, getUserAgent(), output)