fix: set client CAs for mTLS auth

The new TLS config introduced in PR minio#414 does not set client CAs. So when enabling mTLS authentication, client requests fail with `certificate signed by unknown authority`. This commit fixes this by using the root CAs also for authenticating mTLS clients. Ref: minio#414
lu1as · Jan 21, 2024 · 7fd5b5e · 7fd5b5e
1 parent 06d53c9
commit 7fd5b5e
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/kesconf/file.go b/kesconf/file.go
@@ -150,6 +150,7 @@ func (f *File) TLSConfig() (*tls.Config, error) {
 		Certificates: []tls.Certificate{certificate},
 		NextProtos:   []string{"h2", "http/1.1"},
 		RootCAs:      rootCAs,
+		ClientCAs:    rootCAs,
 	}, nil
 }