From 5d6c6ad20e8fd144d0d22056009ffec0d2c66750 Mon Sep 17 00:00:00 2001
From: Anthony Romano
Date: Mon, 17 Jul 2017 13:26:12 -0700
Subject: [PATCH] etcdmain: use client tls info for v2 proxy client connections

Was defaulting to PeerTLSInfo for client connections to the etcd cluster. Since proxy users may rely on this behavior, only use the client tls info if given, and fall back to peer tls otherwise.
---
 etcdmain/etcd.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/etcdmain/etcd.go b/etcdmain/etcd.go
index 722df51f9..7c4cef503 100644
--- a/etcdmain/etcd.go
+++ b/etcdmain/etcd.go
@@ -199,7 +199,14 @@ func startEtcd(cfg *embed.Config) (<-chan struct{}, <-chan error, error) {
 func startProxy(cfg *config) error {
 plog.Notice("proxy: this proxy supports v2 API only!")
- pt, err := transport.NewTimeoutTransport(cfg.PeerTLSInfo, time.Duration(cfg.ProxyDialTimeoutMs)*time.Millisecond, time.Duration(cfg.ProxyReadTimeoutMs)*time.Millisecond, time.Duration(cfg.ProxyWriteTimeoutMs)*time.Millisecond)
+ clientTLSInfo := cfg.ClientTLSInfo
+ if clientTLSInfo.Empty() {
+ // Support old proxy behavior of defaulting to PeerTLSInfo
+ // for both client and peer connections.
+ clientTLSInfo = cfg.PeerTLSInfo
+ }
+
+ pt, err := transport.NewTimeoutTransport(clientTLSInfo, time.Duration(cfg.ProxyDialTimeoutMs)*time.Millisecond, time.Duration(cfg.ProxyReadTimeoutMs)*time.Millisecond, time.Duration(cfg.ProxyWriteTimeoutMs)*time.Millisecond)
 if err != nil {
 return err
 }
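Review bot: The fallback at `if clientTLSInfo.Empty()` is silent and all-or-nothing, so an operator cannot tell from the logs whether the proxy is presenting the peer certificate and trusting the peer CA on its client connections to the cluster. If `Empty()` only looks at the cert and key files (that is how I recall pkg/transport defining it; please confirm), a proxy configured with just a client trusted CA would still take the fallback and have that CA ignored. I would log inside the branch, e.g. `plog.Notice("proxy: no client TLS info given, using peer TLS info for client connections")`, and consider falling back only when every client TLS field is unset. startProxy's body continues past the end of the hunk.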