From 28e0e8fd88106754631b50f9b70dc44eab6db4de Mon Sep 17 00:00:00 2001
From: Aliaksandr Valialkin <valyala@gmail.com>
Date: Mon, 4 May 2020 20:08:52 +0300
Subject: [PATCH] lib/promauth: properly set up client certificate in
 tls.Config

Previously the client certificate has been mistakenly set up as a server certificate
---
 lib/promauth/config.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/promauth/config.go b/lib/promauth/config.go
index 11f83f9cb..4c3cd82fe 100644
--- a/lib/promauth/config.go
+++ b/lib/promauth/config.go
@@ -69,7 +69,9 @@ func (ac *Config) NewTLSConfig() *tls.Config {
 		ClientSessionCache: tls.NewLRUClientSessionCache(0),
 	}
 	if ac.TLSCertificate != nil {
-		tlsCfg.Certificates = []tls.Certificate{*ac.TLSCertificate}
+		tlsCfg.GetClientCertificate = func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
+			return ac.TLSCertificate, nil
+		}
 	}
 	tlsCfg.ServerName = ac.TLSServerName
 	tlsCfg.InsecureSkipVerify = ac.TLSInsecureSkipVerify