From 786d8013b9b8d058d4cbc253ae207b25fd1b0470 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ken-H=C3=A5vard=20Lieng?=
Date: Fri, 30 Jun 2017 07:20:38 +0200
Subject: [PATCH] Set InsecureSkipVerify correctly when theres no client cert, rename verify_client_certificates to verify_certificates
---
 config.default.toml | 2 +-
 server/irc.go | 12 +++++++-----
 server/websocket_handler.go | 9 ++++++---
 3 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/config.default.toml b/config.default.toml
index bb1eea40..1b12390a 100644
--- a/config.default.toml
+++ b/config.default.toml
@@ -1,5 +1,5 @@
 port = 80
-verify_client_certificates = true
+verify_certificates = true
 # Defaults for the client connect form
 [defaults]
diff --git a/server/irc.go b/server/irc.go
index 4b12fd8e..f1e02924 100644
--- a/server/irc.go
+++ b/server/irc.go
@@ -4,10 +4,9 @@ import (
 "crypto/tls"
 "net"
- "github.com/spf13/viper"
-
 "github.com/khlieng/dispatch/irc"
 "github.com/khlieng/dispatch/storage"
+ "github.com/spf13/viper"
 )
 func createNickInUseHandler(i *irc.Client, session *Session) func(string) string {
@@ -34,10 +33,13 @@ func reconnectIRC() {
 i.Realname = server.Realname
 i.HandleNickInUse = createNickInUseHandler(i, session)
- if cert := user.GetCertificate(); cert != nil {
+ if i.TLS {
 i.TLSConfig = &tls.Config{
- Certificates: []tls.Certificate{*cert},
- InsecureSkipVerify: !viper.GetBool("verify_client_certificates"),
+ InsecureSkipVerify: !viper.GetBool("verify_certificates"),
+ }
+
+ if cert := user.GetCertificate(); cert != nil {
+ i.TLSConfig.Certificates = []tls.Certificate{*cert}
 }
 }
diff --git a/server/websocket_handler.go b/server/websocket_handler.go
index 187b6de0..1fd26732 100644
--- a/server/websocket_handler.go
+++ b/server/websocket_handler.go
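Review bot: Renaming the key fails open for existing installations in `reconnectIRC` (and in the matching `connect` hunk in server/websocket_handler.go): a config file that still carries `verify_client_certificates = true` no longer defines `verify_certificates`, `viper.GetBool` returns false for a key that is not set, and `InsecureSkipVerify` then becomes true for every TLS connection. No default is registered anywhere in this patch, so unless one exists elsewhere, the IRC server's certificate chain and host name go unchecked after an upgrade, with no log line to show it. I would register `viper.SetDefault("verify_certificates", true)` where the config is loaded, and add a comment above the key in config.default.toml stating that false disables server certificate verification. The body of reconnectIRC starts and ends outside the hunk.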
@@ -111,10 +111,13 @@ func (h *wsHandler) connect(b []byte) {
 i.Password = data.Password
 }
- if cert := h.session.user.GetCertificate(); cert != nil {
+ if i.TLS {
 i.TLSConfig = &tls.Config{
- Certificates: []tls.Certificate{*cert},
- InsecureSkipVerify: !viper.GetBool("verify_client_certificates"),
+ InsecureSkipVerify: !viper.GetBool("verify_certificates"),
+ }
+
+ if cert := h.session.user.GetCertificate(); cert != nil {
+ i.TLSConfig.Certificates = []tls.Certificate{*cert}
 }
 }
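Review bot: The TLS block in `connect` is a verbatim copy of the one added to `reconnectIRC` in server/irc.go, so the two places that decide whether certificate verification is skipped can drift apart with the next edit. Building the config in one helper keeps that security-relevant setting in a single spot and gives one place to pin a floor such as `MinVersion: tls.VersionTLS12` if the supported networks allow it. The helper below keeps the current behaviour; `cert` is assumed to be a `*tls.Certificate`, as the dereference in the hunk suggests. The body of connect starts and ends outside the hunk.

```go
// newTLSConfig builds the client TLS settings shared by connect and reconnectIRC.
func newTLSConfig(cert *tls.Certificate) *tls.Config {
	cfg := &tls.Config{
		InsecureSkipVerify: !viper.GetBool("verify_certificates"),
	}
	if cert != nil {
		cfg.Certificates = []tls.Certificate{*cert}
	}
	return cfg
}

// … unchanged: password handling in connect …
	if i.TLS {
		i.TLSConfig = newTLSConfig(h.session.user.GetCertificate())
	}
```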