From 0d4e9d8ab9b21ce953a09c78ecda1b78413ad051 Mon Sep 17 00:00:00 2001
From: JM Faircloth
Date: Fri, 22 Apr 2022 14:08:35 -0500
Subject: [PATCH] automtls: fix bidirectional communication and cert format
---
 mtls.go | 4 ++++
 server.go | 2 ++
 2 files changed, 6 insertions(+)
diff --git a/mtls.go b/mtls.go
index 88955245..09a32e11 100644
--- a/mtls.go
+++ b/mtls.go
@@ -29,6 +29,10 @@ func generateCert() (cert []byte, privateKey []byte, err error) {
 host := "localhost"
 template := &x509.Certificate{
+ Issuer: pkix.Name{
+ CommonName: host,
+ Organization: []string{"HashiCorp"},
+ },
 Subject: pkix.Name{
 CommonName: host,
 Organization: []string{"HashiCorp"},
diff --git a/server.go b/server.go
index 7a58cc39..e2e74276 100644
--- a/server.go
+++ b/server.go
@@ -319,6 +319,8 @@ func Serve(opts *ServeConfig) {
 ClientAuth: tls.RequireAndVerifyClientCert,
 ClientCAs: clientCertPool,
 MinVersion: tls.VersionTLS12,
+ RootCAs: clientCertPool,
+ ServerName: "localhost",
 }
 // We send back the raw leaf cert data for the client rather than the
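Review bot: The `Issuer` field added to the template in `generateCert` is not read by `x509.CreateCertificate`, which takes the issuer name from the parent certificate's subject. If the template is also passed as the parent (the call is outside this hunk, so this is an assumption), the encoded issuer already equals `Subject` and the four new lines do not change the certificate bytes. If the field is kept for readers, a comment such as `// Issuer is informational only; CreateCertificate derives it from the parent's Subject` would stop the next maintainer from relying on it. The "cert format" fix named in the subject probably has to come from another template field, such as the SANs, key usage, or `IsCA`, none of which are visible here.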
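Review bot: `RootCAs` and `ServerName` are consulted by crypto/tls only when a config is used in the client role, and nothing in this hunk says where the server's `tls.Config` is reused for an outbound connection. A comment above the two new lines would document the intent, for example `// Client-role fields: used when this config dials back to the host; ServerName must match the name in the host's AutoMTLS cert`. The literal `"localhost"` also duplicates `host := "localhost"` in mtls.go, so a change to one silently breaks verification against the other, and a shared package-level constant would keep them in step. The hunk also does not show whether `clientCertPool` can be nil on this path; if it can, `RootCAs: nil` falls back to the system roots rather than pinning to the host's certificate. `Serve` continues outside the hunk.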