To reproduce:
- Start up redis-server (v6.0.5) with TLS enabled but tls-auth-clients no
redis-server --tls-port 6379 --port 0 --tls-cert-file ./valid.crt --tls-key-file ./valid.key --tls-ca-cert-file ./valid.cacrt --tls-auth-clients no
- Run redis-cli (v6.0.5) connecting with a key and cert (the values here don't matter particularly)
redis-cli -h localhost -p 6379 --tls --cert ./some.bad.crt --key ./some.bad.key --cacert ./valid.cacrt
redis-server produces:
Error accepting a client connection: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
Shouldn't this still produce a valid connection, since tls-auth-clients is disabled? The use case for something like this is that frameworks (particularly bitnami-docker-redis-cluster in this case) do not change their redis-cli command based on the status of tls-auth-clients.
Comment From: yossigo
@jpasquers that's a good point, thanks! This use case makes sense and I believe it's also a common practice, although it will close the door for optional certs in the future (i.e. when a cert could be used instead of AUTH). Unless another strong reason to avoid that comes up, I'll fix that.
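An added illustration of the behaviour at issue in the report and in the "optional certs" remark above (this is example code, not Redis code and not from either participant): a minimal TLS server built on Python's ssl module whose client-verification mode is derived from a tls-auth-clients-style value, handshaking with a client that offers a certificate the server does not trust, as redis-cli does with some.bad.crt. The openssl CLI is assumed to be installed to mint throw-away self-signed certificates, and the mapping of "no"/"optional"/"yes" onto verify modes is this example's own, not Redis's.

```python
import os, socket, ssl, subprocess, tempfile, threading

# tls-auth-clients value -> verify mode (this example's mapping): "no" must not verify at all.
VERIFY_MODES = {"no": ssl.CERT_NONE, "optional": ssl.CERT_OPTIONAL, "yes": ssl.CERT_REQUIRED}

def make_self_signed(directory, name):
    """Generate a throw-away self-signed cert/key pair (constructed test data)."""
    crt, key = os.path.join(directory, name + ".crt"), os.path.join(directory, name + ".key")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                    "-subj", "/CN=" + name, "-keyout", key, "-out", crt],
                   check=True, capture_output=True)
    return crt, key

def handshake_outcome(tls_auth_clients):
    """Handshake with a server set up like tls-auth-clients=<value> from a client offering an
    untrusted cert. Returns 'connected' or the server-side reason, e.g. 'CERTIFICATE_VERIFY_FAILED'."""
    with tempfile.TemporaryDirectory() as d:
        srv_crt, srv_key = make_self_signed(d, "server")
        bad_crt, bad_key = make_self_signed(d, "untrusted-client")
        srv_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        srv_ctx.load_cert_chain(srv_crt, srv_key)
        srv_ctx.load_verify_locations(srv_crt)        # trust store: the server's own CA only
        srv_ctx.verify_mode = VERIFY_MODES[tls_auth_clients]
        cli_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        cli_ctx.check_hostname = False
        cli_ctx.load_verify_locations(srv_crt)        # the client does trust the server
        cli_ctx.load_cert_chain(bad_crt, bad_key)     # sent only if the server asks for it
        result, listener = {}, socket.socket()
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)

        def serve():
            conn, _ = listener.accept()
            try:
                with srv_ctx.wrap_socket(conn, server_side=True):
                    result["server"] = "connected"
            except OSError as e:                      # ssl.SSLError is an OSError subclass
                result["server"] = getattr(e, "reason", None) or str(e)

        t = threading.Thread(target=serve)
        t.start()
        try:
            with socket.create_connection(listener.getsockname()) as s, cli_ctx.wrap_socket(s):
                pass                                  # handshake only; no application data
        except OSError:
            pass                                      # the server's alert surfaces here too
        t.join()
        listener.close()
        return result["server"]
```

With "no" the server never requests a client certificate, so the untrusted cert is never even sent and the connection succeeds; with "optional" the server asks, the client obliges, and the handshake dies with the same certificate verify failed reason seen in the report.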