Do not require a client certificate in SslOptions

The Certificates field in a tls.Config can be empty for a client; this allows that configuration to work for SslOptions.
Artem-2 · Jun 12, 2015 · 8ab3de6 · 8ab3de6
1 parent bac7de2
commit 8ab3de6
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/connectionpool.go b/connectionpool.go
@@ -153,13 +153,17 @@ func setupTLSConfig(sslOpts *SslOptions) (*tls.Config, error) {
 		}
 	}
 
-	mycert, err := tls.LoadX509KeyPair(sslOpts.CertPath, sslOpts.KeyPath)
-	if err != nil {
-		return nil, fmt.Errorf("connectionpool: unable to load X509 key pair: %v", err)
+	mycerts := make([]tls.Certificate, 0)
+	if sslOpts.CertPath != "" || sslOpts.KeyPath != "" {
+		mycert, err := tls.LoadX509KeyPair(sslOpts.CertPath, sslOpts.KeyPath)
+		if err != nil {
+			return nil, fmt.Errorf("connectionpool: unable to load X509 key pair: %v", err)
+		}
+		mycerts = append(mycerts, mycert)
 	}
 
 	config := &tls.Config{
-		Certificates: []tls.Certificate{mycert},
+		Certificates: mycerts,
 		RootCAs:      certPool,
 	}