|
@@ -68,10 +68,13 @@ func ClientDefault() *tls.Config {
|
|
|
// certPool returns an X.509 certificate pool from `caFile`, the certificate file.
|
|
|
func certPool(caFile string) (*x509.CertPool, error) {
|
|
|
// If we should verify the server, we need to load a trusted ca
|
|
|
- certPool := x509.NewCertPool()
|
|
|
+ certPool, err := SystemCertPool()
|
|
|
+ if err != nil {
|
|
|
+ return nil, fmt.Errorf("failed to read system certificates: %v", err)
|
|
|
+ }
|
|
|
pem, err := ioutil.ReadFile(caFile)
|
|
|
if err != nil {
|
|
|
- return nil, fmt.Errorf("Could not read CA certificate %q: %v", caFile, err)
|
|
|
+ return nil, fmt.Errorf("could not read CA certificate %q: %v", caFile, err)
|
|
|
}
|
|
|
if !certPool.AppendCertsFromPEM(pem) {
|
|
|
return nil, fmt.Errorf("failed to append certificates from PEM file: %q", caFile)
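Review bot: Seeding the pool with `SystemCertPool()` instead of `x509.NewCertPool()` widens trust for every caller of `certPool`. A caller that passes `caFile` to restrict verification to a private CA now also accepts chains ending in any root from the system store. The doc comment above the function still says the pool comes from `caFile`, so it should state the new behaviour, e.g. `// certPool returns the system certificate pool with the certificates from caFile appended; peers chaining to either are trusted.` If any caller relies on exclusive trust in `caFile` (the callers are not visible in this hunk), that case would need an explicit option that keeps the empty pool. The body of `certPool` continues past the end of the hunk.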
|