Fix tests.

ca/ca_test.go

@@ -12,6 +12,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/http/httptest"
+	"os"
 	"strings"
 	"testing"
 	"time"
@@ -50,6 +51,11 @@ func getCSR(priv interface{}) (*x509.CertificateRequest, error) {
 	return x509.ParseCertificateRequest(csrBytes)
 }
 
+func TestMain(m *testing.M) {
+	DisableIdentity = true
+	os.Exit(m.Run())
+}
+
 func TestCASign(t *testing.T) {
 	pub, priv, err := keys.GenerateDefaultKeyPair()
 	assert.FatalError(t, err)

ca/client.go

@@ -63,6 +63,10 @@ func (o *clientOptions) apply(opts []ClientOption) (err error) {
 // applyDefaultIdentity sets the options for the default identity if the
 // identity file is present. The identity is enabled by default.
 func (o *clientOptions) applyDefaultIdentity() error {
+	if DisableIdentity {
+		return nil
+	}
+
 	b, err := ioutil.ReadFile(IdentityFile)
 	if err != nil {
 		return nil
@@ -132,10 +136,16 @@ func (o *clientOptions) getTransport(endpoint string) (tr http.RoundTripper, err
 	if o.certificate.Certificate != nil {
 		switch tr := tr.(type) {
 		case *http.Transport:
+			if tr.TLSClientConfig == nil {
+				tr.TLSClientConfig = &tls.Config{}
+			}
 			if len(tr.TLSClientConfig.Certificates) == 0 && tr.TLSClientConfig.GetClientCertificate == nil {
 				tr.TLSClientConfig.Certificates = []tls.Certificate{o.certificate}
 			}
 		case *http2.Transport:
+			if tr.TLSClientConfig == nil {
+				tr.TLSClientConfig = &tls.Config{}
+			}
 			if len(tr.TLSClientConfig.Certificates) == 0 && tr.TLSClientConfig.GetClientCertificate == nil {
 				tr.TLSClientConfig.Certificates = []tls.Certificate{o.certificate}
 			}

ca/identity.go

@@ -23,6 +23,9 @@ import (
 // IdentityType represents the different types of identity files.
 type IdentityType string
 
+// DisableIdentity is a global variable to disable the identity.
+var DisableIdentity bool = false
+
 // Disabled represents a disabled identity type
 const Disabled IdentityType = ""