From 51d778605071caee5c41096253eb366218a3b7ff Mon Sep 17 00:00:00 2001
From: Anthony Romano
Date: Mon, 24 Jul 2017 15:37:05 -0700
Subject: [PATCH] etcdmain: create self-signed certs when listening on https for httpproxy

Fixes failures from TestCtlV3PutClientAutoTLS in proxy coverage tests.
---
 etcdmain/etcd.go | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/etcdmain/etcd.go b/etcdmain/etcd.go
index f04eb4f8a..e5d5bd5b8 100644
--- a/etcdmain/etcd.go
+++ b/etcdmain/etcd.go
@@ -314,9 +314,28 @@ func startProxy(cfg *config) error {
 if cfg.isReadonlyProxy() {
 ph = httpproxy.NewReadonlyHandler(ph)
 }
+
+ // setup self signed certs when serving https
+ cHosts, cTLS := []string{}, false
+ for _, u := range cfg.LCUrls {
+ cHosts = append(cHosts, u.Host)
+ cTLS = cTLS || u.Scheme == "https"
+ }
+ for _, u := range cfg.ACUrls {
+ cHosts = append(cHosts, u.Host)
+ cTLS = cTLS || u.Scheme == "https"
+ }
+ listenerTLS := cfg.ClientTLSInfo
+ if cfg.ClientAutoTLS && cTLS {
+ listenerTLS, err = transport.SelfCert(filepath.Join(cfg.Dir, "clientCerts"), cHosts)
+ if err != nil {
+ plog.Fatalf("proxy: could not initialize self-signed client certs (%v)", err)
+ }
+ }
+
+ // Start a proxy server goroutine for each listen address
 for _, u := range cfg.LCUrls {
- l, err := transport.NewListener(u.Host, u.Scheme, &cfg.ClientTLSInfo)
+ l, err := transport.NewListener(u.Host, u.Scheme, &listenerTLS)
 if err != nil {
 return err
 }
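Review bot: The `if cfg.ClientAutoTLS && cTLS` branch overwrites `listenerTLS` with the `transport.SelfCert` result even when the operator has already configured client certificates, so any cert/key, trusted CA or client-cert-auth settings in `cfg.ClientTLSInfo` would presumably be dropped without warning and the https listeners would present a self-signed certificate that clients cannot verify. Guarding the branch with `if cfg.ClientAutoTLS && cTLS && cfg.ClientTLSInfo.Empty() {`, and logging when auto-TLS is ignored, keeps explicit TLS configuration authoritative. The failure path also calls `plog.Fatalf` inside a function that otherwise reports problems with `return err`, as the `NewListener` check just below does; returning the error would be consistent and lets callers clean up. `startProxy` begins and ends outside this hunk, so how `err` is declared and what `SelfCert` puts in the returned TLSInfo cannot be confirmed from here.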