From d551a46de72de8b1d1b8beeae385d1dd96154daf Mon Sep 17 00:00:00 2001
From: "Ross A. Baker" <ross@rossabaker.com>
Date: Tue, 28 Jan 2020 23:41:48 -0500
Subject: [PATCH] Support setting needClientAuth with TLSParameters

---
 .../main/scala/fs2/io/tls/TLSParameters.scala |  6 ++--
 .../scala/fs2/io/tls/TLSParametersSpec.scala  | 31 +++++++++++++++++++
 2 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 io/src/test/scala/fs2/io/tls/TLSParametersSpec.scala

diff --git a/io/src/main/scala/fs2/io/tls/TLSParameters.scala b/io/src/main/scala/fs2/io/tls/TLSParameters.scala
index 737b523b2e..534cc0084e 100644
--- a/io/src/main/scala/fs2/io/tls/TLSParameters.scala
+++ b/io/src/main/scala/fs2/io/tls/TLSParameters.scala
@@ -39,8 +39,10 @@ sealed trait TLSParameters {
     serverNames.foreach(sn => p.setServerNames(sn.asJava))
     sniMatchers.foreach(sm => p.setSNIMatchers(sm.asJava))
     p.setUseCipherSuitesOrder(useCipherSuitesOrder)
-    p.setNeedClientAuth(needClientAuth)
-    p.setWantClientAuth(wantClientAuth)
+    if (needClientAuth)
+      p.setNeedClientAuth(needClientAuth)
+    else if (wantClientAuth)
+      p.setWantClientAuth(wantClientAuth)
     p
   }
 }
diff --git a/io/src/test/scala/fs2/io/tls/TLSParametersSpec.scala b/io/src/test/scala/fs2/io/tls/TLSParametersSpec.scala
new file mode 100644
index 0000000000..bb7bdc6793
--- /dev/null
+++ b/io/src/test/scala/fs2/io/tls/TLSParametersSpec.scala
@@ -0,0 +1,31 @@
+package fs2
+package io
+package tls
+
+class TLSParametersSpec extends TLSSpec {
+  "toSSLParameters" - {
+    "no client auth when wantClientAuth=false and needClientAuth=false" in {
+      val params = TLSParameters(wantClientAuth = false, needClientAuth = false).toSSLParameters
+      params.getWantClientAuth shouldBe false
+      params.getNeedClientAuth shouldBe false
+    }
+
+    "wantClientAuth when wantClientAuth=true and needClientAuth=false" in {
+      val params = TLSParameters(wantClientAuth = true, needClientAuth = false).toSSLParameters
+      params.getWantClientAuth shouldBe true
+      params.getNeedClientAuth shouldBe false
+    }
+
+    "needClientAuth when wantClientAuth=false and needClientAuth=true" in {
+      val params = TLSParameters(wantClientAuth = false, needClientAuth = true).toSSLParameters
+      params.getWantClientAuth shouldBe false
+      params.getNeedClientAuth shouldBe true
+    }
+
+    "needClientAuth when wantClientAuth=true and needClientAuth=true" in {
+      val params = TLSParameters(wantClientAuth = true, needClientAuth = true).toSSLParameters
+      params.getWantClientAuth shouldBe false
+      params.getNeedClientAuth shouldBe true
+    }
+  }
+}