updated the server to trust the embedded cert if no client ca is explicitly specified

client.go

@@ -519,7 +519,9 @@ func (r *ClientRoute) ReportEvent(pts_id uint32, event_type PACKET_KIND, event_d
 				} else {
 					_, err = ptc.conn.Write(data)
 					if err != nil {
-						r.cts.cli.log.Write(r.cts.sid, LOG_ERROR, "Failed to write to peer(%d,%d,%s,%s) - %s", r.id, pts_id, ptc.conn.RemoteAddr().String(), ptc.conn.LocalAddr().String(), err.Error())
+						r.cts.cli.log.Write(r.cts.sid, LOG_ERROR,
+							"Failed to write to peer(%d,%d,%s,%s) - %s",
+							r.id, pts_id, ptc.conn.RemoteAddr().String(), ptc.conn.LocalAddr().String(), err.Error())
 						ptc.ReqStop()
 					}
 				}

cmd/config.go

@@ -128,6 +128,7 @@ func make_tls_server_config(cfg *ServerTLSConfig) (*tls.Config, error) {
 	if cfg.Enabled {
 		var cert tls.Certificate
 		var cert_pool *x509.CertPool
+		var ok bool
 		var err error
 
 		if cfg.CertText != "" && cfg.KeyText != "" {
@@ -142,11 +143,7 @@ func make_tls_server_config(cfg *ServerTLSConfig) (*tls.Config, error) {
 			return nil, fmt.Errorf("failed to load key pair - %s", err)
 		}
 
-		if cfg.ClientCACertText != "" || cfg.ClientCACertFile != ""{
-			var ok bool
-
 		cert_pool = x509.NewCertPool()
-
 		if cfg.ClientCACertText != "" {
 			ok = cert_pool.AppendCertsFromPEM([]byte(cfg.ClientCACertText))
 			if !ok {
@@ -162,6 +159,10 @@ func make_tls_server_config(cfg *ServerTLSConfig) (*tls.Config, error) {
 			if !ok {
 				return nil, fmt.Errorf("failed to append certificate to pool")
 			}
+		} else {
+			ok = cert_pool.AppendCertsFromPEM(hodu_tls_cert_text)
+			if !ok {
+				return nil, fmt.Errorf("failed to append certificate to pool")
 			}
 		}
 
@@ -201,7 +202,6 @@ func make_tls_client_config(cfg *ClientTLSConfig) (*tls.Config, error) {
 		}
 
 		cert_pool = x509.NewCertPool()
-
 		if cfg.ServerCACertText != "" {
 			ok = cert_pool.AppendCertsFromPEM([]byte(cfg.ServerCACertText))
 			if !ok {