From adfb2f41432ce7eedf0d12b0ebe1f1895efc2f49 Mon Sep 17 00:00:00 2001
From: Sammy Kerata Oina <44265300+SammyOina@users.noreply.github.com>
Date: Tue, 10 Dec 2024 21:27:07 +0300
Subject: [PATCH] NOISSUE - Fix standard TLS connection (#2576)

Signed-off-by: Sammy Oina <sammyoina@gmail.com>
---
 pkg/server/grpc/grpc.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkg/server/grpc/grpc.go b/pkg/server/grpc/grpc.go
index 14ad253cb7..0acf06b5ec 100644
--- a/pkg/server/grpc/grpc.go
+++ b/pkg/server/grpc/grpc.go
@@ -61,7 +61,7 @@ func (s *grpcServer) Start() error {
 			return fmt.Errorf("failed to load auth gRPC client certificates: %w", err)
 		}
 		tlsConfig := &tls.Config{
-			ClientAuth:   tls.RequireAndVerifyClientCert,
+			ClientAuth:   tls.NoClientCert,
 			Certificates: []tls.Certificate{certificate},
 		}
 
@@ -98,6 +98,8 @@ func (s *grpcServer) Start() error {
 		creds = grpc.Creds(credentials.NewTLS(tlsConfig))
 		switch {
 		case mtlsCA != "":
+			tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert
+			creds = grpc.Creds(credentials.NewTLS(tlsConfig))
 			s.Logger.Info(fmt.Sprintf("%s service gRPC server listening at %s with TLS/mTLS cert %s , key %s and %s", s.Name, s.Address, s.Config.CertFile, s.Config.KeyFile, mtlsCA))
 		default:
 			s.Logger.Info(fmt.Sprintf("%s service gRPC server listening at %s with TLS cert %s and key %s", s.Name, s.Address, s.Config.CertFile, s.Config.KeyFile))