From 5e211c61accdb1eb2796022017cffea64703355c Mon Sep 17 00:00:00 2001
From: Simon Ser
Date: Thu, 25 Feb 2021 12:39:03 +0100
Subject: [PATCH] Fix cleartext listeners

We need a nil *tls.Config to setup cleartext listeners.

Fixes: eaed35982976 ("Add support for TLS listeners")
Closes: https://github.com/emersion/hydroxide/issues/156
---
 config/tls.go | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/config/tls.go b/config/tls.go
index 198885c..19428f9 100644
--- a/config/tls.go
+++ b/config/tls.go
@@ -8,21 +8,27 @@ import (
 )
 func TLS(certPath string, keyPath string, clientCAPath string) (*tls.Config, error) {
- tlsConfig := &tls.Config{}
+ var tlsConfig *tls.Config
 if certPath != "" && keyPath != "" {
 cert, err := tls.LoadX509KeyPair(certPath, keyPath)
 if err != nil {
- return nil, fmt.Errorf("error: unable load key pair: %s", err)
+ return nil, fmt.Errorf("unable load key pair: %s", err)
 }
- tlsConfig.Certificates = []tls.Certificate{cert}
+ tlsConfig = &tls.Config{
+ Certificates: []tls.Certificate{cert},
+ }
 }
 if clientCAPath != "" {
+ if tlsConfig == nil {
+ return nil, fmt.Errorf("cannot check client certificate without a server certificate and key")
+ }
+
 data, err := ioutil.ReadFile(clientCAPath)
 if err != nil {
- return nil, fmt.Errorf("error: unable read CA file: %s", err)
+ return nil, fmt.Errorf("unable read CA file: %s", err)
 }
 pool := x509.NewCertPool()
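Review bot: With exactly one of certPath and keyPath set, the `if certPath != "" && keyPath != ""` branch is skipped and the added `var tlsConfig *tls.Config` stays nil, which the commit message says selects a cleartext listener. A missing or mistyped key option would then silently turn an intended TLS listener into a plaintext one, where the removed `tlsConfig := &tls.Config{}` at least kept the config non-nil. I would reject the half-configured case at the top of TLS: `if (certPath == "") != (keyPath == "") { return nil, fmt.Errorf("TLS certificate and key must be set together") }`. The function's return path lies outside the hunk, so the nil return for this case is inferred rather than visible.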