From d2d5892f3fa75c0a24ac3f1228e9195f74c60af7 Mon Sep 17 00:00:00 2001
From: Dan Ramich
Date: Wed, 31 Jan 2018 12:10:50 -0700
Subject: [PATCH] Add option to pass in CAcert for verification

Problem: Running a server with a self signed cert will cause tls errors
Solution: Add abillity to pass in a cert file to use for tls verification
---
 clientbase/common.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/clientbase/common.go b/clientbase/common.go
index 11cd3de9..e809c327 100644
--- a/clientbase/common.go
+++ b/clientbase/common.go
@@ -2,6 +2,8 @@ package clientbase
 
 import (
 "bytes"
+ "crypto/tls"
+ "crypto/x509"
 "encoding/base64"
 "encoding/json"
 "fmt"
@@ -32,6 +34,7 @@ type ClientOpts struct {
 SecretKey string
 Timeout time.Duration
 HTTPClient *http.Client
+ CACerts string
 }
 
 type APIError struct {
@@ -147,6 +150,20 @@ func NewAPIClient(opts *ClientOpts) (APIBaseClient, error) {
 
 client.Timeout = opts.Timeout
 
+ if opts.CACerts != "" {
+ roots := x509.NewCertPool()
+ ok := roots.AppendCertsFromPEM([]byte(opts.CACerts))
+ if !ok {
+ return result, err
+ }
+ tr := &http.Transport{
+ TLSClientConfig: &tls.Config{
+ RootCAs: roots,
+ },
+ }
+ client.Transport = tr
+ }
+
 req, err := http.NewRequest("GET", opts.URL, nil)
 if err != nil {
 return result, err
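Review bot: The new `CACerts` field in `ClientOpts` has no doc comment, and the commit message speaks of passing in a cert file while the third hunk converts the string directly with `AppendCertsFromPEM([]byte(opts.CACerts))`, so the field has to hold the PEM text itself rather than a path. A comment on the field would keep callers from handing in a filename that then fails to parse: `// CACerts is PEM-encoded CA certificate data (not a file path); when set it is used as the root CA pool for TLS verification.` The struct starts before this hunk.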
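Review bot: The `if !ok` branch returns `result, err`, but nothing in the hunk assigns `err` before that return, so a `CACerts` value with no parseable PEM certificate most likely comes back as an empty client with a nil error instead of a failure. Return an explicit error there, e.g. `return result, fmt.Errorf("clientbase: no PEM certificates found in CACerts")` (`fmt` is already imported by this file). Separately, `client.Transport = tr` installs a bare `http.Transport`, which appears to discard any transport configured on a caller-supplied `HTTPClient` and drops the `http.DefaultTransport` settings such as `Proxy: http.ProxyFromEnvironment` and the handshake timeouts. Setting those fields on `tr`, or only adjusting `TLSClientConfig` when the existing transport is an `*http.Transport`, would keep that behavior. NewAPIClient starts before and continues after the hunk, so where `err` and `client` come from should be confirmed against the full function.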