Make CA certificate optional in ClientTLSConfig

2019-06-23 21:17:39 -04:00 · 2019-06-23 21:17:39 -04:00 · 9747c46e7b
parent 2dea5185b3
commit 9747c46e7b
1 changed files with 7 additions and 4 deletions
--- a/sdk/helper/tlsutil/tlsutil.go
+++ b/sdk/helper/tlsutil/tlsutil.go
@ -72,16 +72,19 @@ func GetCipherName(cipher uint16) (string, error) {

 func ClientTLSConfig(caCert []byte, clientCert []byte, clientKey []byte) (*tls.Config, error) {
 	var tlsConfig *tls.Config
+	var pool *x509.CertPool

 	switch {
-	case len(caCert) != 0 && len(clientCert) != 0 && len(clientKey) != 0:
+	case len(clientCert) != 0 && len(clientKey) != 0:
 		// Valid
-	case len(caCert) != 0, len(clientCert) != 0, len(clientKey) != 0:
+	default:
 		return nil, ErrInvalidCertParams
 	}

-	pool := x509.NewCertPool()
+	if len(caCert) != 0 {
+		pool = x509.NewCertPool()
 		pool.AppendCertsFromPEM(caCert)
+	}

 	cert, err := tls.X509KeyPair(clientCert, clientKey)
 	if err != nil {