Changing client auth method to verify if given

Changing client auth to verify if given to allow client
connections where client does not have a certificate

Issue-ID: AAF-93
Change-Id: Ifd8f59108536889bacb0fe1477dc1e1c8a0ff4dc
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>

diff --git a/sms-service/src/sms/auth/auth.go b/sms-service/src/sms/auth/auth.go
index ad5afdc..dc5c7bf 100644 (file)
--- a/sms-service/src/sms/auth/auth.go
+++ b/sms-service/src/sms/auth/auth.go
@@ -45,7 +45,8 @@ func GetTLSConfig(caCertFile string) (*tls.Config, error) {
                caCertPool.AppendCertsFromPEM(caCert)
 
                tlsConfig = &tls.Config{
-                       ClientAuth: tls.RequireAndVerifyClientCert,
+                       // Change to RequireAndVerify once we have mandatory certs
+                       ClientAuth: tls.VerifyClientCertIfGiven,
                        ClientCAs:  caCertPool,
                        MinVersion: tls.VersionTLS12,
                }