TLS: make --insecure option actually work without custom certificates

As #116 points out, the flag is not really working at the moment, if
you don't provide custom client certificates.

This commit is doing mostly the same as #116, but I also cleared up
some stuff, while we're at it.

Hope Github correctly shows the co-authorship.

Co-authored-by: WGH <wgh@torlan.ru>

Author: codesenberg

client_cert.go

@@ -7,31 +7,27 @@ import (
 // readClientCert - helper function to read client certificate
 // from pem formatted certPath and keyPath files
 func readClientCert(certPath, keyPath string) ([]tls.Certificate, error) {
-	if certPath != "" && keyPath != "" {
-		// load keypair
-		cert, err := tls.LoadX509KeyPair(certPath, keyPath)
-		if err != nil {
-			return nil, err
-		}
-
-		return []tls.Certificate{cert}, nil
-	}
-	return nil, nil
+	// load keypair
+	cert, err := tls.LoadX509KeyPair(certPath, keyPath)
+	return []tls.Certificate{cert}, err
 }
 
 // generateTLSConfig - helper function to generate a TLS configuration based on
 // config
 func generateTLSConfig(c config) (*tls.Config, error) {
-	// Return nil, if no custom cert/key pair was provided.
+	var (
+		certs []tls.Certificate
+		err   error
+	)
 	// This assumes that the caller has validated that either both or none of
 	// the c.certPath and c.keyPath are set.
-	if c.certPath == "" && c.keyPath == "" {
-		return nil, nil
-	}
-	certs, err := readClientCert(c.certPath, c.keyPath)
-	if err != nil {
-		return nil, err
+	if c.certPath != "" && c.keyPath != "" {
+		certs, err = readClientCert(c.certPath, c.keyPath)
+		if err != nil {
+			return nil, err
+		}
 	}
+
 	// Disable gas warning, because InsecureSkipVerify may be set to true
 	// for the purpose of testing
 	/* #nosec */