add validation to client rawCerts

Author: ZetaoZhuang

cns/service.go

@@ -158,6 +158,10 @@ func getTLSConfig(tlsSettings localtls.TlsSettings, errChan chan<- error) (*tls.
 
 // verifyPeerCertificate verifies the client certificate's subject name matches the expected subject name.
 func verifyPeerCertificate(rawCerts [][]byte, clientSubjectName string) error {
+
+	if len(rawCerts) == 0 {
+		return errors.New("no client certificate provided")
+	}
 	// no client subject name provided, skip verification
 	if clientSubjectName == "" {
 		return nil

cns/service_test.go

@@ -176,9 +176,9 @@ func TestNewService(t *testing.T) {
 				},
 			}
 
-			tlsUrl := fmt.Sprintf("https://localhost:%s", tlsSettings.TLSPort)
+			tlsURL := fmt.Sprintf("https://localhost:%s", tlsSettings.TLSPort)
 			// TLS listener
-			req, err := http.NewRequestWithContext(context.TODO(), http.MethodGet, tlsUrl, http.NoBody)
+			req, err := http.NewRequestWithContext(context.TODO(), http.MethodGet, tlsURL, http.NoBody)
 			require.NoError(t, err)
 			resp, err := client.Do(req)
 			t.Cleanup(func() {