From 441614b38665f3831c4f91d10a21e6d4d4f52391 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karol=20B=C4=99dkowski?=
 <KarolBedkowski@users.noreply.github.com>
Date: Thu, 13 Feb 2025 21:27:38 +0000
Subject: [PATCH] fix: s3 command ignore -tlsVerifyClientCert and -cacert.file
 arguments (#6547)

s3 command ignore tlsVerifyClientCert and cacert.file arguments from
command line. On startS3Server instead of use real values (in s3opt),
default values (from s3Options, always empty) are checked.

Now on right values are checked and if user provide this arguments
RequireAndVerifyClientCert is set and/or ca certificate is loaded.
---
 weed/command/s3.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/weed/command/s3.go b/weed/command/s3.go
index e568de91b..84042b3e0 100644
--- a/weed/command/s3.go
+++ b/weed/command/s3.go
@@ -312,7 +312,7 @@ func (s3opt *S3Options) startS3Server() bool {
 		}
 
 		caCertPool := x509.NewCertPool()
-		if *s3Options.tlsCACertificate != "" {
+		if *s3opt.tlsCACertificate != "" {
 			// load CA certificate file and add it to list of client CAs
 			caCertFile, err := ioutil.ReadFile(*s3opt.tlsCACertificate)
 			if err != nil {
@@ -322,7 +322,7 @@ func (s3opt *S3Options) startS3Server() bool {
 		}
 
 		clientAuth := tls.NoClientCert
-		if *s3Options.tlsVerifyClientCert {
+		if *s3opt.tlsVerifyClientCert {
 			clientAuth = tls.RequireAndVerifyClientCert
 		}