From 61a88f343777a3625967089e32f2a9b4b4996ca2 Mon Sep 17 00:00:00 2001
From: Trekkie Coder <trekkie@netlox.io>
Date: Tue, 13 Aug 2024 00:09:42 +0900
Subject: [PATCH] gh-726 Use default system certs if availabe for https probe

---
 loxilb-ebpf          | 2 +-
 pkg/loxinet/rules.go | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/loxilb-ebpf b/loxilb-ebpf
index 0d6668308..ee662de49 160000
--- a/loxilb-ebpf
+++ b/loxilb-ebpf
@@ -1 +1 @@
-Subproject commit 0d666830820c631ce0ff1c0c5a80757948fb105c
+Subproject commit ee662de4951992d7a1db8c92c2e659404fece96d
diff --git a/pkg/loxinet/rules.go b/pkg/loxinet/rules.go
index fc75e648e..c6c12c03f 100644
--- a/pkg/loxinet/rules.go
+++ b/pkg/loxinet/rules.go
@@ -366,7 +366,12 @@ func RulesInit(zone *Zone) *RuleH {
 		nRh.epCs[i].hChk = time.NewTicker(EndPointCheckerDuration * time.Second)
 		go epTicker(nRh, i)
 	}
-	nRh.rootCAPool = x509.NewCertPool()
+	rootCAPool, err := x509.SystemCertPool()
+	if err == nil {
+		nRh.rootCAPool = rootCAPool
+	} else {
+		nRh.rootCAPool = x509.NewCertPool()
+	}
 	rootCACertile := cmn.CertPath + cmn.CACertFileName
 
 	// Check if there exist a common CA certificate