set ClientAuth and ClientCAs on plugin client tls config
fairclothjm committed Apr 28, 2022
1 parent 78c507c commit 0b28f28
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion client.go
@@ -574,6 +574,8 @@ func (c *Client) Start() (addr net.Addr, err error) {

c.config.TLSConfig = &tls.Config{
Certificates: []tls.Certificate{cert},
ClientAuth: tls.RequireAndVerifyClientCert,
MinVersion: tls.VersionTLS12,
ServerName: "localhost",
}
}
@@ -774,7 +776,7 @@ func (c *Client) Start() (addr net.Addr, err error) {
}

// loadServerCert is used by AutoMTLS to read an x.509 cert returned by the
// server, and load it as the RootCA for the client TLSConfig.
// server, and load it as the RootCA and ClientCA for the client TLSConfig.
func (c *Client) loadServerCert(cert string) error {
certPool := x509.NewCertPool()

@@ -791,6 +793,7 @@ func (c *Client) loadServerCert(cert string) error {
certPool.AddCert(x509Cert)

c.config.TLSConfig.RootCAs = certPool
c.config.TLSConfig.ClientCAs = certPool
return nil
}
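Review bot: `ClientAuth` in the `tls.Config` literal in `Start` and `ClientCAs` in `loadServerCert` are server-side fields in crypto/tls, so they change nothing on connections this client dials and only take effect where the same config is used to accept connections, which these hunks do not show. A comment above `ClientAuth` would make that explicit, e.g. `// ClientAuth and ClientCAs only apply where this config is used to accept connections; ClientCAs is filled in later by loadServerCert.` Because `ClientCAs` is assigned only in `loadServerCert`, a listener that used this config before that call would, as far as I can tell, verify client certificates against the system roots rather than the plugin's certificate. It is worth confirming the ordering and adding a test that a peer without the expected certificate is rejected. Both function bodies continue outside the hunks shown.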
