Actually, be *even moar* clever about client certs...(see e70ec, 3a039)

2025-04-13 09:29:46 +00:00 · 2025-02-08 18:53:41 +01:00 · 2025-02-08 18:53:41 +01:00 · 89eeb5a55e
commit 89eeb5a55e
parent 34a623aabf
1 changed files with 2 additions and 2 deletions
--- a/launch.go
+++ b/launch.go
@ -99,13 +99,13 @@ func launch(sysConfig SysConfig, userConfig UserConfig, privInfo userInfo) int {
 	}
 	var tlscfg tls.Config
 	tlscfg.Certificates = []tls.Certificate{cert}
-	tlscfg.ClientAuth = tls.RequestClientCert
 	if sysConfig.AllowTLS12 {
 		tlscfg.MinVersion = tls.VersionTLS12
 	} else {
 		tlscfg.MinVersion = tls.VersionTLS13
 	}
-	if len(userConfig.CertificateZones) > 0 || sysConfig.ReadMollyFiles {
+	if len(userConfig.CertificateZones) > 0 || sysConfig.ReadMollyFiles ||
+	   len(sysConfig.CGIPaths) > 0 || len(sysConfig.SCGIPaths) > 0 {
 		tlscfg.ClientAuth = tls.RequestClientCert
 	}