use system CA or ca_certificate, but not both

hashicorp · May 4, 2021 · 9c932c6 · 9c932c6
1 parent adb3ef1
commit 9c932c6
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/internal/provider/data_source.go b/internal/provider/data_source.go
@@ -71,15 +71,16 @@ func dataSourceRead(ctx context.Context, d *schema.ResourceData, meta interface{
 	caCert := d.Get("ca_certificate").(string)
 
 	// Get the System Cert Pool
-	caCertPool, _ := x509.SystemCertPool()
-	if caCertPool == nil {
-		caCertPool = x509.NewCertPool()
+	caCertPool, err := x509.SystemCertPool()
+	if err != nil {
+		return fmt.Errorf("Error tls: %s", err)
 	}
 
-	// Append `ca_certificate` to the system CA cert pool
+	// Use `ca_certificate` cert pool
 	if caCert != "" {
+		caCertPool = x509.NewCertPool()
 		if ok := caCertPool.AppendCertsFromPEM([]byte(caCert)); !ok {
-			return fmt.Errorf("Error when adding CA certificate to certificate pool")
+			return fmt.Errorf("Error tls: Can't add the CA certificate to certificate pool")
 		}
 	}