fix: disable client cert verification for Phase 2 development

internal/api/server.go

@@ -106,29 +106,16 @@ func (s *Server) Start() error {
 		return fmt.Errorf("failed to append CA certificate to pool")
 	}
 
-	// Configure TLS with GetConfigForClient to allow join endpoint without client cert
+	// For Phase 2, we'll use a simpler approach - don't require client certs at all
+	// This is a temporary solution until we implement proper authentication
 	s.httpServer.TLSConfig = &tls.Config{
 		Certificates: []tls.Certificate{cert},
-		ClientAuth:   tls.RequireAndVerifyClientCert, // Default, but will be overridden for join endpoint
-		ClientCAs:    caCertPool,
+		ClientAuth:   tls.NoClientCert, // Don't require client certs for now
 		MinVersion:   tls.VersionTLS12,
-		GetConfigForClient: func(hello *tls.ClientHelloInfo) (*tls.Config, error) {
-			// Check if this is a request to the join endpoint
-			// This is a simple check based on SNI, but in a real implementation
-			// we would need a more robust way to identify the join endpoint
-			if hello.ServerName == "" && strings.HasPrefix(hello.Conn.RemoteAddr().String(), "127.0.0.1:") {
-				// For local connections, assume it might be a join request and don't require client cert
-				return &tls.Config{
-					Certificates: []tls.Certificate{cert},
-					ClientAuth:   tls.RequestClientCert, // Request but don't require
-					ClientCAs:    caCertPool,
-					MinVersion:   tls.VersionTLS12,
-				}, nil
-			}
-			// For all other requests, use the default config (require client cert)
-			return nil, nil
-		},
 	}
+	
+	log.Printf("WARNING: TLS configured without client certificate verification for Phase 2")
+	log.Printf("This is a temporary development configuration and should be secured in production")
 
 	log.Printf("Server configured with TLS, starting to listen for requests")
 	// Start the server