Make CA certificate optional in ClientTLSConfig

2025-08-10 08:37:00 +02:00 · 2019-06-23 21:17:39 -04:00 · 2019-06-23 21:17:39 -04:00 · 68b40b814c
commit 68b40b814c
parent f8a1ac2791
1 changed files with 7 additions and 4 deletions
--- a/sdk/helper/tlsutil/tlsutil.go
+++ b/sdk/helper/tlsutil/tlsutil.go
@ -72,16 +72,19 @@ func GetCipherName(cipher uint16) (string, error) {

 func ClientTLSConfig(caCert []byte, clientCert []byte, clientKey []byte) (*tls.Config, error) {
 	var tlsConfig *tls.Config
+	var pool *x509.CertPool

 	switch {
-	case len(caCert) != 0 && len(clientCert) != 0 && len(clientKey) != 0:
+	case len(clientCert) != 0 && len(clientKey) != 0:
 		// Valid
-	case len(caCert) != 0, len(clientCert) != 0, len(clientKey) != 0:
+	default:
 		return nil, ErrInvalidCertParams
 	}

-	pool := x509.NewCertPool()
-	pool.AppendCertsFromPEM(caCert)
+	if len(caCert) != 0 {
+		pool = x509.NewCertPool()
+		pool.AppendCertsFromPEM(caCert)
+	}

 	cert, err := tls.X509KeyPair(clientCert, clientKey)
 	if err != nil {