From cdd6b794f4acadcdafa884621e8e86387d008d2c Mon Sep 17 00:00:00 2001
From: phamann <patrick@fastly.com>
Date: Thu, 18 Apr 2019 21:16:10 +0100
Subject: [PATCH] Don't set VerifyPeerCertificate function on TLS config if
 authentication is disabled.

---
 main.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/main.go b/main.go
index 24ccabff59c..a53f37a1c1d 100644
--- a/main.go
+++ b/main.go
@@ -442,9 +442,10 @@ func serverListen(context *Context) error {
 	}
 
 	config.GetCertificate = context.cert.GetCertificate
-	config.VerifyPeerCertificate = serverACL.VerifyPeerCertificateServer
 	if *serverDisableAuth {
 		config.ClientAuth = tls.NoClientCert
+	} else {
+		config.VerifyPeerCertificate = serverACL.VerifyPeerCertificateServer
 	}
 
 	listener, err := reuseport.NewReusablePortListener("tcp", (*serverListenAddress).String())