From 2dd9f3de5b33d6acbcb641566b9e7d3ccbe91d8c Mon Sep 17 00:00:00 2001
From: Kiran Kamineni
Date: Tue, 10 Apr 2018 22:07:18 -0700
Subject: Changing client auth method to verify if given
Changing client auth to verify if given to allow client connections where client does not have a certificate
Issue-ID: AAF-93
Change-Id: Ifd8f59108536889bacb0fe1477dc1e1c8a0ff4dc
Signed-off-by: Kiran Kamineni
---
 sms-service/src/sms/auth/auth.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sms-service/src/sms/auth/auth.go b/sms-service/src/sms/auth/auth.go
index ad5afdc..dc5c7bf 100644
--- a/sms-service/src/sms/auth/auth.go
+++ b/sms-service/src/sms/auth/auth.go
@@ -45,7 +45,8 @@ func GetTLSConfig(caCertFile string) (*tls.Config, error) {
 caCertPool.AppendCertsFromPEM(caCert)
 tlsConfig = &tls.Config{
- ClientAuth: tls.RequireAndVerifyClientCert,
+ // Change to RequireAndVerify once we have mandatory certs
+ ClientAuth: tls.VerifyClientCertIfGiven,
 ClientCAs: caCertPool,
 MinVersion: tls.VersionTLS12,
 }
-- 
cgit 1.2.3-korg
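Review bot: With `ClientAuth: tls.VerifyClientCertIfGiven` the handshake now succeeds for a client that presents no certificate, so the TLS layer no longer authenticates callers and nothing in this hunk adds a compensating check. If this config backs an HTTP server, handlers that need an identified client should reject requests where `len(r.TLS.VerifiedChains) == 0`, or the mode should come from configuration so deployments that already issue client certificates can keep `tls.RequireAndVerifyClientCert`. The added comment would be easier to act on if it stated the consequence and pointed at a tracking item, for example `// TODO(<tracking-issue>): restore tls.RequireAndVerifyClientCert once every client has a certificate; until then clients are unauthenticated at the TLS layer`. GetTLSConfig begins and ends outside the hunk, so whether its callers apply their own authentication is not visible here.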