Disable TLS for proxy connection

Quinn-With-Two-Ns · Quinn-With-Two-Ns · commit 433f5f3b4d02 · 2024-06-10T10:09:30.000-07:00
diff --git a/harness/go/harness/runner.go b/harness/go/harness/runner.go
@@ -86,20 +86,23 @@ func NewRunner(config RunnerConfig, feature *PreparedFeature) (*Runner, error) {
 	}()
 
 	// Create client
+	var err error
+	tlsCfg, err := LoadTLSConfig(r.ClientCertPath, r.ClientKeyPath)
+	if err != nil {
+		return nil, err
+	}
+
 	r.Feature.ClientOptions.HostPort = r.ServerHostPort
 	if r.Feature.ClientUsesProxy {
 		r.Feature.ClientOptions.HostPort = r.ProxyListenHostPort
+	} else {
+		// Don't use TLS for the proxy connection
+		r.Feature.ClientOptions.ConnectionOptions.TLS = tlsCfg
 	}
 	r.Feature.ClientOptions.Namespace = r.Namespace
 	if r.Feature.ClientOptions.Logger == nil {
 		r.Feature.ClientOptions.Logger = r.Log
 	}
-	var err error
-	tlsCfg, err := LoadTLSConfig(r.ClientCertPath, r.ClientKeyPath)
-	if err != nil {
-		return nil, err
-	}
-	r.Feature.ClientOptions.ConnectionOptions.TLS = tlsCfg
 
 	if r.Feature.BeforeDial != nil {
 		if err = r.Feature.BeforeDial(r); err != nil {
@@ -113,6 +116,7 @@ func NewRunner(config RunnerConfig, feature *PreparedFeature) (*Runner, error) {
 
 	savedValue := r.Feature.ClientOptions.HostPort
 	r.Feature.ClientOptions.HostPort = r.ServerHostPort
+	r.Feature.ClientOptions.ConnectionOptions.TLS = tlsCfg
 	if r.DirectClient, err = client.Dial(r.Feature.ClientOptions); err != nil {
 		return nil, fmt.Errorf("failed creating client: %w", err)
 	}
