summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKiran Kamineni <kiran.k.kamineni@intel.com>2018-04-10 22:07:18 -0700
committerGirish Havaldar <hg0071052@techmahindra.com>2018-04-11 22:40:22 +0000
commit2dd9f3de5b33d6acbcb641566b9e7d3ccbe91d8c (patch)
tree225d3d1137ea34150dd166172b8a9c59c5e76fae
parent5de9d86fab2b8bec58bd09e95640da468d4e1f61 (diff)
Changing client auth method to verify if given
Changing client auth to verify if given to allow client connections where client does not have a certificate Issue-ID: AAF-93 Change-Id: Ifd8f59108536889bacb0fe1477dc1e1c8a0ff4dc Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
Diffstat
-rw-r--r--sms-service/src/sms/auth/auth.go3
1 files changed, 2 insertions, 1 deletions
diff --git a/sms-service/src/sms/auth/auth.go b/sms-service/src/sms/auth/auth.go
index ad5afdc..dc5c7bf 100644
--- a/sms-service/src/sms/auth/auth.go
+++ b/sms-service/src/sms/auth/auth.go
@@ -45,7 +45,8 @@ func GetTLSConfig(caCertFile string) (*tls.Config, error) {
caCertPool.AppendCertsFromPEM(caCert)
tlsConfig = &tls.Config{
- ClientAuth: tls.RequireAndVerifyClientCert,
+ // Change to RequireAndVerify once we have mandatory certs
+ ClientAuth: tls.VerifyClientCertIfGiven,
ClientCAs: caCertPool,
MinVersion: tls.VersionTLS12,
}