Merge branch '10-2-stable-patch-1' into 10-2-stable

CHANGELOG.md

+v 10.2.1 (2018-01-22)
+- Do not use `git config --local` as it's not available in git v1.7.1 !790
+- Always load OS certificate pool when evaluating TLS connections !804
+
 v 10.2.0 (2017-11-22)
 - Update supported platforms !712
 - Fix typo in Kubernetes runner docs !714

VERSION

-10.2.0
+10.2.1

network/client.go

@@ -107,7 +107,13 @@ func (n *client) addTLSCA(tlsConfig *tls.Config) {
 
 		data, err := ioutil.ReadFile(file)
 		if err == nil {
-			pool := x509.NewCertPool()
+			pool, err := x509.SystemCertPool()
+			if err != nil {
+				logrus.Warningln("Failed to load system CertPool:", err)
+			}
+			if pool == nil {
+				pool = x509.NewCertPool()
+			}
 			if pool.AppendCertsFromPEM(data) {
 				tlsConfig.RootCAs = pool
 				n.caData = data

shells/abstract.go

@@ -95,7 +95,7 @@ func (b *AbstractShell) writeFetchCmd(w ShellWriter, build *common.Build, projec
 	w.Command("git", "config", "fetch.recurseSubmodules", "false")
 
 	if build.IsSharedEnv() {
-		b.writeGitSSLConfig(w, build, []string{"--local"})
+		b.writeGitSSLConfig(w, build, nil)
 	}
 
 	// Remove .git/{index,shallow,HEAD}.lock files from .git, which can fail the fetch command

shells/abstract_test.go

@@ -36,7 +36,7 @@ func TestWriteGitSSLConfig(t *testing.T) {
 	mockWriter.On("Command", "git", "config", fmt.Sprintf("http.%s.%s", gitlabURL, "sslCert"), tls.VariableCertFile).Once()
 	mockWriter.On("Command", "git", "config", fmt.Sprintf("http.%s.%s", gitlabURL, "sslKey"), tls.VariableKeyFile).Once()
 
-	shell.writeGitSSLConfig(mockWriter, build, make([]string, 0))
+	shell.writeGitSSLConfig(mockWriter, build, nil)
 
 	mockWriter.AssertExpectations(t)
 }