From 6d87351e5eeca5599838c8ac3080102df6328689 Mon Sep 17 00:00:00 2001
From: hyung-hwan
Date: Sat, 7 Dec 2024 21:31:06 +0900
Subject: [PATCH] updated the server to trust the embedded cert if no client ca is explicitly specified
---
 client.go | 4 +++-
 cmd/config.go | 42 +++++++++++++++++++++---------------------
 2 files changed, 24 insertions(+), 22 deletions(-)
diff --git a/client.go b/client.go
index 6637831..09ad307 100644
--- a/client.go
+++ b/client.go
@@ -519,7 +519,9 @@ func (r *ClientRoute) ReportEvent(pts_id uint32, event_type PACKET_KIND, event_d
 } else {
 _, err = ptc.conn.Write(data)
 if err != nil {
- r.cts.cli.log.Write(r.cts.sid, LOG_ERROR, "Failed to write to peer(%d,%d,%s,%s) - %s", r.id, pts_id, ptc.conn.RemoteAddr().String(), ptc.conn.LocalAddr().String(), err.Error())
+ r.cts.cli.log.Write(r.cts.sid, LOG_ERROR,
+ "Failed to write to peer(%d,%d,%s,%s) - %s",
+ r.id, pts_id, ptc.conn.RemoteAddr().String(), ptc.conn.LocalAddr().String(), err.Error())
 ptc.ReqStop()
 }
 }
diff --git a/cmd/config.go b/cmd/config.go
index 2ca47ba..323e42d 100644
--- a/cmd/config.go
+++ b/cmd/config.go
@@ -128,6 +128,7 @@ func make_tls_server_config(cfg *ServerTLSConfig) (*tls.Config, error) {
 if cfg.Enabled {
 var cert tls.Certificate
 var cert_pool *x509.CertPool
+ var ok bool
 var err error
 if cfg.CertText != "" && cfg.KeyText != "" {
@@ -142,26 +143,26 @@ func make_tls_server_config(cfg *ServerTLSConfig) (*tls.Config, error) {
 return nil, fmt.Errorf("failed to load key pair - %s", err)
 }
- if cfg.ClientCACertText != "" || cfg.ClientCACertFile != ""{
- var ok bool
-
- cert_pool = x509.NewCertPool()
-
- if cfg.ClientCACertText != "" {
- ok = cert_pool.AppendCertsFromPEM([]byte(cfg.ClientCACertText))
- if !ok {
- return nil, fmt.Errorf("failed to append certificate to pool")
- }
- } else if cfg.ClientCACertFile != "" {
- var text []byte
- text, err = ioutil.ReadFile(cfg.ClientCACertFile)
- if err != nil {
- return nil, fmt.Errorf("failed to load ca certficate file %s - %s", cfg.ClientCACertFile, err.Error())
- }
- ok = cert_pool.AppendCertsFromPEM(text)
- if !ok {
- return nil, fmt.Errorf("failed to append certificate to pool")
- }
+ cert_pool = x509.NewCertPool()
+ if cfg.ClientCACertText != "" {
+ ok = cert_pool.AppendCertsFromPEM([]byte(cfg.ClientCACertText))
+ if !ok {
+ return nil, fmt.Errorf("failed to append certificate to pool")
+ }
+ } else if cfg.ClientCACertFile != "" {
+ var text []byte
+ text, err = ioutil.ReadFile(cfg.ClientCACertFile)
+ if err != nil {
+ return nil, fmt.Errorf("failed to load ca certficate file %s - %s", cfg.ClientCACertFile, err.Error())
+ }
+ ok = cert_pool.AppendCertsFromPEM(text)
+ if !ok {
+ return nil, fmt.Errorf("failed to append certificate to pool")
+ }
+ } else {
+ ok = cert_pool.AppendCertsFromPEM(hodu_tls_cert_text)
+ if !ok {
+ return nil, fmt.Errorf("failed to append certificate to pool")
 }
 }
@@ -201,7 +202,6 @@ func make_tls_client_config(cfg *ClientTLSConfig) (*tls.Config, error) {
 }
 cert_pool = x509.NewCertPool()
-
 if cfg.ServerCACertText != "" {
 ok = cert_pool.AppendCertsFromPEM([]byte(cfg.ServerCACertText))
 if !ok {
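Review bot: The new `else` branch in make_tls_server_config silently seeds the client CA pool with the embedded `hodu_tls_cert_text` whenever neither ClientCACertText nor ClientCACertFile is set, so `cert_pool` is now never nil where the old code left client-CA trust unconfigured, and a deployment that never asked for client authentication now accepts any client certificate chaining to that bundled certificate. Whether this changes which clients are admitted depends on the `ClientAuth` mode applied to `cert_pool` further down, which is outside this hunk; if the embedded certificate's private key is also compiled into the binary (not visible here), every copy of the program can present a client certificate this server trusts, which belongs in the function's doc comment and in the server's startup log rather than only in the commit message. A comment on the branch would make the default explicit, e.g. `// no client CA configured: fall back to trusting the embedded certificate`. The three identical `if !ok { return nil, fmt.Errorf("failed to append certificate to pool") }` checks can be folded into a single check after the if/else chain, since every branch assigns `ok` last, and the re-added file-load message still reads `certficate`. make_tls_server_config begins and ends outside this hunk.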