From 0a326575b1bf338a46eba56deb5a91fc1c8dc23f Mon Sep 17 00:00:00 2001
From: Sascha Grunert <sgrunert@redhat.com>
Date: Wed, 13 Nov 2024 09:09:05 +0100
Subject: [PATCH] Make `--tls-ca` optional

The CA can be empty and we should not block if it's not set.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
---
 cmd/crictl/exec.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/crictl/exec.go b/cmd/crictl/exec.go
index e37b195d89..df601d9ee0 100644
--- a/cmd/crictl/exec.go
+++ b/cmd/crictl/exec.go
@@ -281,9 +281,9 @@ func tlsConfigFromFlags(ctx *cli.Context) (*rest.TLSClientConfig, error) {
 	if cfg.CAFile == "" && cfg.CertFile == "" && cfg.KeyFile == "" {
 		return &rest.TLSClientConfig{Insecure: true}, nil
 	}
-	if cfg.CAFile == "" || cfg.CertFile == "" || cfg.KeyFile == "" {
+	if cfg.CertFile == "" || cfg.KeyFile == "" {
 		return nil, fmt.Errorf(
-			"all three flags --%s, --%s and --%s are required for TLS streaming",
+			"all two flags --%s and --%s are required for TLS streaming, only --%s is optional",
 			flagTLSCA, flagTLSCert, flagTLSKey,
 		)
 	}