Fixed createTLSConfig function. Return full tls configuration when ca…

…, crt, key and insecure flag are set
repl-mike-roest · Oct 26, 2018 · e50a3f4 · e50a3f4
1 parent 038cc4f
commit e50a3f4
Showing 1 changed file with 12 additions and 17 deletions.
diff --git a/tls.go b/tls.go
@@ -8,33 +8,28 @@ import (
 )
 
 func createTLSConfig(pemFile, pemCertFile, pemPrivateKeyFile string, insecureSkipVerify bool) *tls.Config {
+	tlsConfig := tls.Config{}
 	if insecureSkipVerify {
 		// pem settings are irrelevant if we're skipping verification anyway
-		return &tls.Config{
-			InsecureSkipVerify: true,
-		}
-	}
-	if len(pemFile) <= 0 {
-		return nil
+		tlsConfig.InsecureSkipVerify = true
 	}
-	rootCerts, err := loadCertificatesFrom(pemFile)
-	if err != nil {
-		log.Fatalf("Couldn't load root certificate from %s. Got %s.", pemFile, err)
+	if len(pemFile) > 0 {
+		rootCerts, err := loadCertificatesFrom(pemFile)
+		if err != nil {
+			log.Fatalf("Couldn't load root certificate from %s. Got %s.", pemFile, err)
+			return nil
+		}
+		tlsConfig.RootCAs = rootCerts
 	}
 	if len(pemCertFile) > 0 && len(pemPrivateKeyFile) > 0 {
 		clientPrivateKey, err := loadPrivateKeyFrom(pemCertFile, pemPrivateKeyFile)
 		if err != nil {
 			log.Fatalf("Couldn't setup client authentication. Got %s.", err)
+			return nil
 		}
-		return &tls.Config{
-			RootCAs:      rootCerts,
-			Certificates: []tls.Certificate{*clientPrivateKey},
-		}
-	}
-	return &tls.Config{
-		RootCAs:            rootCerts,
-		InsecureSkipVerify: insecureSkipVerify,
+		tlsConfig.Certificates = []tls.Certificate{*clientPrivateKey}
 	}
+	return &tlsConfig
 }
 
 func loadCertificatesFrom(pemFile string) (*x509.CertPool, error) {