From 68e8f62107bd18612b04dc660f3dc89acdd15535 Mon Sep 17 00:00:00 2001
From: Zi Lin
Date: Fri, 8 May 2015 16:08:49 -0700
Subject: [PATCH] client update. Trusted CAFile should be optional
---
 client/client.go | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/client/client.go b/client/client.go
index 0977a2c..22609ae 100644
--- a/client/client.go
+++ b/client/client.go
@@ -23,15 +23,19 @@ type RemoteServer struct {
 // the root CA the server uses to authenticate itself.
 func NewRemoteServer(serverAddress, CAFile string) (*RemoteServer, error) {
- // populate a root CA pool from file
- rootCAs := x509.NewCertPool()
- pemBytes, err := ioutil.ReadFile(CAFile)
- if err != nil {
- return nil, errors.New("fail to read CA file: " + err.Error())
- }
- ok := rootCAs.AppendCertsFromPEM(pemBytes)
- if !ok {
- return nil, errors.New("fail to populate CA root pool.")
+ var rootCAs *x509.CertPool
+ // populate a root CA pool from input CAfile
+ // otherwise, use the system's default root CA set
+ if CAFile != "" {
+ rootCAs = x509.NewCertPool()
+ pemBytes, err := ioutil.ReadFile(CAFile)
+ if err != nil {
+ return nil, errors.New("fail to read CA file: " + err.Error())
+ }
+ ok := rootCAs.AppendCertsFromPEM(pemBytes)
+ if !ok {
+ return nil, errors.New("fail to populate CA root pool.")
+ }
 }
 tr := &http.Transport{
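Review bot: The doc comment above NewRemoteServer is left unchanged (its visible tail still reads `// the root CA the server uses to authenticate itself.`), so callers are not told that an empty CAFile now moves verification from the CA(s) in the given file to the system's default root CA set. That is a much wider trust anchor, and an unset flag or config value would select it without any signal. I would state it in the doc comment, for example `// If CAFile is empty, the server certificate is verified against the system's default root CA set.`. The function body continues outside the hunk (the `http.Transport` literal is cut off), so it is worth confirming there that the nil pool is what reaches `tls.Config.RootCAs` and that certificate verification is not disabled.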