Merge branch 'master' of https://github.com/CiscoCloud/consul-cli

mantl · Apr 6, 2016 · ec4c4a0 · ec4c4a0
2 parents 019a468 + e915655
commit ec4c4a0
Showing 1 changed file with 11 additions and 5 deletions.
diff --git a/commands/consul.go b/commands/consul.go
@@ -131,25 +131,31 @@ func (c *Cmd) Client() (*consulapi.Client, error) {
 		config.Scheme = "https"
 
 		if csl.sslCert != "" {
-			if csl.sslKey == "" || csl.sslCaCert == "" {
-				return nil, errors.New("--ssl-key and --ssl-ca-cert must be provided in order to use certificates for authentication")
+			if csl.sslKey == "" {
+				return nil, errors.New("--ssl-key must be provided in order to use certificates for authentication")
 			}
 			clientCert, err := tls.LoadX509KeyPair(csl.sslCert, csl.sslKey)
 			if err != nil {
 				return nil, err
 			}
 
+			csl.tlsConfig.Certificates = []tls.Certificate{clientCert}
+			csl.tlsConfig.BuildNameToCertificate()
+		}
+
+		if csl.sslVerify {
+			if csl.sslCaCert == "" {
+				return nil, errors.New("--ssl-ca-cert must be provided in order to use certificates for verification")
+			}
+
 			caCert, err := ioutil.ReadFile(csl.sslCaCert)
 			if err != nil {
 				return nil, err
 			}
 
 			caCertPool := x509.NewCertPool()
 			caCertPool.AppendCertsFromPEM(caCert)
-
-			csl.tlsConfig.Certificates = []tls.Certificate{clientCert}
 			csl.tlsConfig.RootCAs = caCertPool
-			csl.tlsConfig.BuildNameToCertificate()
 		}
 	}