hashicorp · jefferai · Feb 28, 2018 · Sep 22, 2017 · Sep 22, 2017 · Sep 23, 2017
diff --git a/command/server/listener.go b/command/server/listener.go
@@ -177,7 +177,12 @@ PASSPHRASECORRECT:
 		if disableClientCerts && requireVerifyCerts {
 			return nil, nil, nil, fmt.Errorf("'tls_disable_client_certs' and 'tls_require_and_verify_client_cert' are mutually exclusive")
 		}
-		tlsConf.ClientAuth = tls.NoClientCert
+		if disableClientCerts {
+			tlsConf.ClientAuth = tls.NoClientCert
+		}
+		if !disableClientCerts {
+			tlsConf.ClientAuth = tls.VerifyClientCertIfGiven
+		}
 	}
 
 	ln = tls.NewListener(ln, tlsConf)