From 56876ab825fa3d9bf5174fef5cb3be3e4413eed1 Mon Sep 17 00:00:00 2001
From: Justin Chadwell <me@jedevc.com>
Date: Thu, 23 Mar 2023 10:43:10 +0000
Subject: [PATCH] remote: avoid tls error if both key and cert are not set

Previously, we would explicitly error if all TLS parameters were not
available. However, it is a perfectly valid use case to connect to a
buildkit server that only provides TLS in one direction to verify the
server (which is possible today with buildctl).

To support this use case, we only need to error if only one of key or
cert is set, and the other is not - if both are unspecified, the client
will not present a certificate to the server.

Signed-off-by: Justin Chadwell <me@jedevc.com>
---
 driver/remote/factory.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/driver/remote/factory.go b/driver/remote/factory.go
index 83ce16e6..374d97d5 100644
--- a/driver/remote/factory.go
+++ b/driver/remote/factory.go
@@ -98,12 +98,12 @@ func (f *factory) New(ctx context.Context, cfg driver.InitConfig) (driver.Driver
 		if tls.caCert == "" {
 			missing = append(missing, "cacert")
 		}
-		if tls.cert == "" {
-			missing = append(missing, "cert")
-		}
-		if tls.key == "" {
+		if tls.cert != "" && tls.key == "" {
 			missing = append(missing, "key")
 		}
+		if tls.key != "" && tls.cert == "" {
+			missing = append(missing, "cert")
+		}
 		if len(missing) > 0 {
 			return nil, errors.Errorf("tls enabled, but missing keys %s", strings.Join(missing, ", "))
 		}