fix: set client CAs for mTLS auth (#437)

The new TLS config introduced in PR #414 does not set client CAs. So when enabling mTLS authentication, client requests fail with `certificate signed by unknown authority`. This commit fixes this by using the root CAs also for authenticating mTLS clients. Ref: #414
minio · Feb 9, 2024 · a275f23 · a275f23
1 parent 06d53c9
commit a275f23
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/kesconf/file.go b/kesconf/file.go
@@ -150,6 +150,7 @@ func (f *File) TLSConfig() (*tls.Config, error) {
 		Certificates: []tls.Certificate{certificate},
 		NextProtos:   []string{"h2", "http/1.1"},
 		RootCAs:      rootCAs,
+		ClientCAs:    rootCAs,
 	}, nil
 }