From ab7e918ca5e468cc8918b1b877d5886751ad5b53 Mon Sep 17 00:00:00 2001
From: STeve Huang <xin.huang@goteleport.com>
Date: Thu, 31 Oct 2024 15:24:22 -0400
Subject: [PATCH] fix agent connection to proxy behind l7 lb

---
 lib/service/connect.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/service/connect.go b/lib/service/connect.go
index 40644a73763ee..fcf4122e44f58 100644
--- a/lib/service/connect.go
+++ b/lib/service/connect.go
@@ -1215,7 +1215,9 @@ func (process *TeleportProcess) newClientThroughTunnel(tlsConfig *tls.Config, ss
 		ClientConfig:          sshConfig,
 		Log:                   process.logger,
 		InsecureSkipTLSVerify: lib.IsInsecureDevMode(),
-		GetClusterCAs:         apiclient.ClusterCAsFromCertPool(tlsConfig.RootCAs),
+		GetClusterCAs: func(context.Context) (*x509.CertPool, error) {
+			return getClusterCAs()
+		},
 	})
 	if err != nil {
 		return nil, nil, trace.Wrap(err)