Don't set VerifyPeerCertificate function on TLS config if authentication is disabled.

phamann · phamann · commit cdd6b794f4ac · 2019-04-18T21:16:10.000+01:00
diff --git a/main.go b/main.go
@@ -442,9 +442,10 @@ func serverListen(context *Context) error {
 	}
 
 	config.GetCertificate = context.cert.GetCertificate
-	config.VerifyPeerCertificate = serverACL.VerifyPeerCertificateServer
 	if *serverDisableAuth {
 		config.ClientAuth = tls.NoClientCert
+	} else {
+		config.VerifyPeerCertificate = serverACL.VerifyPeerCertificateServer
 	}
 
 	listener, err := reuseport.NewReusablePortListener("tcp", (*serverListenAddress).String())

Original file line number	Diff line number	Diff line change
`@@ -442,9 +442,10 @@ func serverListen(context *Context) error {`
`442`	`442`	`}`
`443`	`443`
`444`	`444`	`config.GetCertificate = context.cert.GetCertificate`
`445`		`- config.VerifyPeerCertificate = serverACL.VerifyPeerCertificateServer`
`446`	`445`	`if *serverDisableAuth {`
`447`	`446`	`config.ClientAuth = tls.NoClientCert`
	`447`	`+ } else {`
	`448`	`+ config.VerifyPeerCertificate = serverACL.VerifyPeerCertificateServer`
`448`	`449`	`}`
`449`	`450`
`450`	`451`	`listener, err := reuseport.NewReusablePortListener("tcp", (*serverListenAddress).String())`