From 89eeb5a55e667ee556c2138fd2b3fcde918f5364 Mon Sep 17 00:00:00 2001
From: Solderpunk <solderpunk@posteo.net>
Date: Sat, 8 Feb 2025 18:53:41 +0100
Subject: [PATCH] Actually, be *even moar* clever about client certs...(see
 e70ec, 3a039)

---
 launch.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/launch.go b/launch.go
index 3738f4b..396d8e5 100644
--- a/launch.go
+++ b/launch.go
@@ -99,13 +99,13 @@ func launch(sysConfig SysConfig, userConfig UserConfig, privInfo userInfo) int {
 	}
 	var tlscfg tls.Config
 	tlscfg.Certificates = []tls.Certificate{cert}
-	tlscfg.ClientAuth = tls.RequestClientCert
 	if sysConfig.AllowTLS12 {
 		tlscfg.MinVersion = tls.VersionTLS12
 	} else {
 		tlscfg.MinVersion = tls.VersionTLS13
 	}
-	if len(userConfig.CertificateZones) > 0 || sysConfig.ReadMollyFiles {
+	if len(userConfig.CertificateZones) > 0 || sysConfig.ReadMollyFiles ||
+	   len(sysConfig.CGIPaths) > 0 || len(sysConfig.SCGIPaths) > 0 {
 		tlscfg.ClientAuth = tls.RequestClientCert
 	}