From 14cf64b10a97c29688f252a7d9d3481c8484aa1d Mon Sep 17 00:00:00 2001
From: max b <bittmanmax@gmail.com>
Date: Wed, 8 Mar 2023 12:41:45 -0800
Subject: [PATCH] Add system certs to bonafide

lilypad/float is now using letsencrypt certs for vpnweb so instead of
instantiating an empty cert pool, we can just use the system pool and
then add the manually configured cert for backwards compatibility.
---
 pkg/vpn/bonafide/bonafide.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkg/vpn/bonafide/bonafide.go b/pkg/vpn/bonafide/bonafide.go
index 0fa48ed..4c6f614 100644
--- a/pkg/vpn/bonafide/bonafide.go
+++ b/pkg/vpn/bonafide/bonafide.go
@@ -97,7 +97,11 @@ func getAPIAddr(provider string) string {
 
 // New Bonafide: Initializes a Bonafide object. By default, no Credentials are passed.
 func New() *Bonafide {
-	certs := x509.NewCertPool()
+	certs, err := x509.SystemCertPool()
+	if err != nil {
+		log.Println("Error loading SystemCertPool, falling back to empty pool")
+		certs = x509.NewCertPool()
+	}
 	certs.AppendCertsFromPEM(config.CaCert)
 	client := &http.Client{
 		Transport: &http.Transport{