disable system roots for windows

transport/internet/tls/config.go

@@ -3,7 +3,6 @@ package tls
 import (
 	"context"
 	"crypto/tls"
-	"crypto/x509"
 	"time"
 
 	"v2ray.com/core/common/net"
@@ -24,22 +23,6 @@ func ParseCertificate(c *cert.Certificate) *Certificate {
 	}
 }
 
-func (c *Config) GetCertPool() *x509.CertPool {
-	pool, err := x509.SystemCertPool()
-	if err != nil {
-		newError("failed to get system cert pool.").Base(err).WriteToLog()
-		return nil
-	}
-	if pool != nil {
-		for _, cert := range c.Certificate {
-			if cert.Usage == Certificate_AUTHORITY_VERIFY {
-				pool.AppendCertsFromPEM(cert.Certificate)
-			}
-		}
-	}
-	return pool
-}
-
 func (c *Config) BuildCertificates() []tls.Certificate {
 	certs := make([]tls.Certificate, 0, len(c.Certificate))
 	for _, entry := range c.Certificate {

transport/internet/tls/config_other.go

@@ -0,0 +1,21 @@
+// +build !windows
+
+package tls
+
+import "crypto/x509"
+
+func (c *Config) GetCertPool() *x509.CertPool {
+	pool, err := x509.SystemCertPool()
+	if err != nil {
+		newError("failed to get system cert pool.").Base(err).WriteToLog()
+		return nil
+	}
+	if pool != nil {
+		for _, cert := range c.Certificate {
+			if cert.Usage == Certificate_AUTHORITY_VERIFY {
+				pool.AppendCertsFromPEM(cert.Certificate)
+			}
+		}
+	}
+	return pool
+}

transport/internet/tls/config_windows.go

@@ -0,0 +1,9 @@
+// +build windows
+
+package tls
+
+import "crypto/x509"
+
+func (c *Config) GetCertPool() *x509.CertPool {
+	return nil
+}