From 68b40b814cc23ad02ef70a43a192040a901b749f Mon Sep 17 00:00:00 2001
From: Jeff Mitchell
Date: Sun, 23 Jun 2019 21:17:39 -0400
Subject: [PATCH] Make CA certificate optional in ClientTLSConfig
---
 sdk/helper/tlsutil/tlsutil.go | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/sdk/helper/tlsutil/tlsutil.go b/sdk/helper/tlsutil/tlsutil.go
index b22dea3468..9929702777 100644
--- a/sdk/helper/tlsutil/tlsutil.go
+++ b/sdk/helper/tlsutil/tlsutil.go
@@ -72,16 +72,19 @@ func GetCipherName(cipher uint16) (string, error) {
 func ClientTLSConfig(caCert []byte, clientCert []byte, clientKey []byte) (*tls.Config, error) {
 var tlsConfig *tls.Config
+ var pool *x509.CertPool
 switch {
- case len(caCert) != 0 && len(clientCert) != 0 && len(clientKey) != 0:
+ case len(clientCert) != 0 && len(clientKey) != 0:
 // Valid
- case len(caCert) != 0, len(clientCert) != 0, len(clientKey) != 0:
+ default:
 return nil, ErrInvalidCertParams
 }
- pool := x509.NewCertPool()
- pool.AppendCertsFromPEM(caCert)
+ if len(caCert) != 0 {
+ pool = x509.NewCertPool()
+ pool.AppendCertsFromPEM(caCert)
+ }
 cert, err := tls.X509KeyPair(clientCert, clientKey)
 if err != nil {
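Review bot: The result of `pool.AppendCertsFromPEM(caCert)` in the new `if len(caCert) != 0` block is discarded, so a non-empty `caCert` that contains no parsable certificate yields an empty pool and the mistake only surfaces later as a handshake verification failure; `if !pool.AppendCertsFromPEM(caCert) { return nil, ErrInvalidCertParams }` would reject it at configuration time. Separately, an empty `caCert` now leaves `pool` nil instead of returning ErrInvalidCertParams; where `pool` is consumed lies outside the hunk, but if it is assigned to `RootCAs`, crypto/tls then verifies the server against the host's root CA set rather than a pinned CA. That widening of the trust anchors deserves a doc comment on ClientTLSConfig, for example `// If caCert is empty, the server certificate is verified against the host's root CA set.` The function body continues past the end of the hunk.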