Commit 15c3ef5a authored by ale's avatar ale
Browse files

Do not require client certs for HTTPS

Unfortunately we can't set a tls.Config for the http.Client returned
by clientcredentials (which the client uses).
parent 4e86452f
Pipeline #416 passed with stages
in 1 minute and 17 seconds
......@@ -245,7 +245,11 @@ func (c *serverCommand) runServer(app *idpapp.App) error {
}
roots.AppendCertsFromPEM(data)
s.TLSConfig.ClientCAs = roots
s.TLSConfig.ClientAuth = tls.RequireAndVerifyClientCert
// Client certificates are not mandatory
// because we can't set tls parameters on the
// http.Client returned from
// golang.org/x/oauth2/clientcredentials...
s.TLSConfig.ClientAuth = tls.VerifyClientCertIfGiven
}
lerr = s.ListenAndServeTLS("", "")
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment