From: Kiran Kamineni
Date: Wed, 11 Apr 2018 05:07:18 +0000 (-0700)
Subject: Changing client auth method to verify if given
X-Git-Tag: 2.0.0-ONAP~31
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=2dd9f3de5b33d6acbcb641566b9e7d3ccbe91d8c;p=aaf%2Fsms.git

Changing client auth method to verify if given

Changing client auth to verify if given to allow client connections where client does not have a certificate

Issue-ID: AAF-93
Change-Id: Ifd8f59108536889bacb0fe1477dc1e1c8a0ff4dc
Signed-off-by: Kiran Kamineni
---

diff --git a/sms-service/src/sms/auth/auth.go b/sms-service/src/sms/auth/auth.go
index ad5afdc..dc5c7bf 100644
--- a/sms-service/src/sms/auth/auth.go
+++ b/sms-service/src/sms/auth/auth.go
@@ -45,7 +45,8 @@ func GetTLSConfig(caCertFile string) (*tls.Config, error) {
 caCertPool.AppendCertsFromPEM(caCert)
 tlsConfig = &tls.Config{
- ClientAuth: tls.RequireAndVerifyClientCert,
+ // Change to RequireAndVerify once we have mandatory certs
+ ClientAuth: tls.VerifyClientCertIfGiven,
 ClientCAs: caCertPool,
 MinVersion: tls.VersionTLS12,
 }
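Review bot: With `ClientAuth: tls.VerifyClientCertIfGiven` the handshake now completes for clients that present no certificate, so the TLS layer no longer authenticates callers, and the added comment does not say what does. If the service's handlers are net/http handlers that treated a completed handshake as proof of identity, they now need an explicit check such as `len(r.TLS.VerifiedChains) > 0` or another credential check; the comment should state this, e.g. `// Clients without a cert are accepted: handlers must not treat the TLS session as authenticated`. The context line `caCertPool.AppendCertsFromPEM(caCert)` also discards its boolean result: under the old setting an empty pool rejected every client, whereas now certificate-less clients would still connect, so it is worth returning an error when it reports false. GetTLSConfig starts and ends outside this hunk, so checks that are not visible here may already cover part of this.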