From 2dd9f3de5b33d6acbcb641566b9e7d3ccbe91d8c Mon Sep 17 00:00:00 2001 From: Kiran Kamineni Date: Tue, 10 Apr 2018 22:07:18 -0700 Subject: Changing client auth method to verify if given Changing client auth to verify if given to allow client connections where client does not have a certificate Issue-ID: AAF-93 Change-Id: Ifd8f59108536889bacb0fe1477dc1e1c8a0ff4dc Signed-off-by: Kiran Kamineni --- sms-service/src/sms/auth/auth.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'sms-service') diff --git a/sms-service/src/sms/auth/auth.go b/sms-service/src/sms/auth/auth.go index ad5afdc..dc5c7bf 100644 --- a/sms-service/src/sms/auth/auth.go +++ b/sms-service/src/sms/auth/auth.go @@ -45,7 +45,8 @@ func GetTLSConfig(caCertFile string) (*tls.Config, error) { caCertPool.AppendCertsFromPEM(caCert) tlsConfig = &tls.Config{ - ClientAuth: tls.RequireAndVerifyClientCert, + // Change to RequireAndVerify once we have mandatory certs + ClientAuth: tls.VerifyClientCertIfGiven, ClientCAs: caCertPool, MinVersion: tls.VersionTLS12, } -- cgit 1.2.3-korg