Make Intermediate CA optional in TLS configuration

tls.go

@@ -18,15 +18,19 @@ func (c *TLSConfig) TLSConfig() (*tls.Config, error) {
 		return nil, fmt.Errorf("Error while reading Root CA file: " + c.RootCAPath + " error: " + err.Error())
 	}
 
+	caCertPool := x509.NewCertPool()
+	if ok := caCertPool.AppendCertsFromPEM(rootCA); !ok {
+		return nil, fmt.Errorf("failed to append Root CA certificates from file: %s", c.RootCAPath)
+	}
+
 	interCA, err := os.ReadFile(c.IntermediateCAPath)
 	if err != nil {
-		return nil, fmt.Errorf("Error while reading Intermediate CA file: " + c.IntermediateCAPath + " error: " + err.Error())
+		fmt.Printf("Warning: Unable to read Intermediate CA file: %s, error: %v", c.IntermediateCAPath, err)
+		fmt.Println("Intermediate CA will be skipped.")
+	} else if ok := caCertPool.AppendCertsFromPEM(interCA); !ok {
+		fmt.Printf("Warning: Failed to append Intermediate CA certificates from file: %s", c.IntermediateCAPath)
 	}
 
-	caCertPool := x509.NewCertPool()
-	caCertPool.AppendCertsFromPEM(rootCA)
-	caCertPool.AppendCertsFromPEM(interCA)
-
 	return &tls.Config{RootCAs: caCertPool}, nil //nolint:gosec
 }
 

tls_test.go

@@ -5,6 +5,31 @@ import (
 	"testing"
 )
 
+const testRootCA = `-----BEGIN CERTIFICATE-----
+MIIECTCCA3KgAwIBAgIUDnU7Oa0fU9GFOwU7EWJP3HsRchEwDQYJKoZIhvcNAQEL
+BQAwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
+b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18x
+MDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
+Zm9Ad29sZnNzbC5jb20wHhcNMjIxMjE2MjExNzQ5WhcNMjUwOTExMjExNzQ5WjCB
+mTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
+YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQx
+GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
+b2xmc3NsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzazdR+y+tyTD
+YxtUmHnhxzEWWdadd52N4ovtBBeyxuvkm5G+MVBil1i1fynes3EkC7+XCX8m3C3s
+qC6yZCt6KzUZLaKAy5n9lHEbI41U2y5ijYEILfQkcids+cmO20x1upsB+D8Y9OZ/
++1eUksyIxLQAwqrU5YgYsxEvc8DWKQkCAwEAAaOCAUowggFGMB0GA1UdDgQWBBTT
+Io8oLOAF7tPtw3E9ybI2Oh2/qDCB2QYDVR0jBIHRMIHOgBTTIo8oLOAF7tPtw3E9
+ybI2Oh2/qKGBn6SBnDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmEx
+EDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9D
+b25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUDnU7Oa0fU9GFOwU7EWJP3HsRchEw
+DAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNV
+HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEAuIC/
+svWDlVGBan5BhynXw8nGm2DkZaEElx0bO+kn+kPWiWo8nr8o0XU3IfMNZBeyoy2D
+Uv9X8EKpSKrYhOoNgAVxCqojtGzG1n8TSvSCueKBrkaMWfvDjG1b8zLshvBu2ip4
+q/I2+0j6dAkOGcK/68z7qQXByeGri3n28a1Kn6o=
+-----END CERTIFICATE-----`
+
 func TestTLSConfig_TLSConfig(t *testing.T) {
 	// Given
 	rootca, err := os.CreateTemp("", "rootca*.pem")
@@ -19,6 +44,10 @@ func TestTLSConfig_TLSConfig(t *testing.T) {
 	}
 	defer os.Remove(intermediate.Name())
 
+	if err := os.WriteFile(rootca.Name(), []byte(testRootCA), 0644); err != nil {
+		t.Fatalf("Error writing root CA to file: %s", err.Error())
+	}
+
 	tlsCfg := TLSConfig{
 		RootCAPath:         rootca.Name(),
 		IntermediateCAPath: intermediate.Name(),