From d5b4011f890a4d95ce25fda3ba34bf080cd970a6 Mon Sep 17 00:00:00 2001
From: Jeff Mitchell <jeffrey.mitchell@gmail.com>
Date: Thu, 9 Nov 2017 15:55:23 -0500
Subject: [PATCH] Change test cluster to request client cert rather than verify
 if given

---
 vault/testing.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vault/testing.go b/vault/testing.go
index 130c8fdd61..d267467d3c 100644
--- a/vault/testing.go
+++ b/vault/testing.go
@@ -997,7 +997,7 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
 			Certificates:   []tls.Certificate{tlsCert},
 			RootCAs:        testCluster.RootCAs,
 			ClientCAs:      testCluster.RootCAs,
-			ClientAuth:     tls.VerifyClientCertIfGiven,
+			ClientAuth:     tls.RequestClientCert,
 			NextProtos:     []string{"h2", "http/1.1"},
 			GetCertificate: certGetter.GetCertificate,
 		}