set transport to nil if there was an error connecting to the server w…

…ith the file-based root ca Signed-off-by: Chris Kim <[email protected]>
snasovich · Jul 19, 2024 · d88c7eb · d88c7eb
1 parent ce35815
commit d88c7eb
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/cmd/agent/main.go b/cmd/agent/main.go
@@ -221,9 +221,13 @@ func run(ctx context.Context) error {
 			Timeout:   time.Second * 5,
 			Transport: transport,
 		}
-		if _, err = httpClient.Get(server); err != nil && cluster.CAStrictVerify() {
-			logrus.Errorf("Could not securely connect to %s: %v", server, err)
-			os.Exit(1)
+		if _, err = httpClient.Get(server); err != nil {
+			if cluster.CAStrictVerify() {
+				logrus.Errorf("Could not securely connect to %s: %v", server, err)
+				os.Exit(1)
+			}
+			// onConnect will use the transport later on, so discard it as it doesn't work and fallback to the system store.
+			transport = nil
 		} else {
 			topContext = context.WithValue(topContext, cavalidator.CacertsValid, true)
 			systemStoreConnectionCheckRequired = false