From 08bc6e210211f41af10afea7c8497176e55b26ec Mon Sep 17 00:00:00 2001
From: Solderpunk <solderpunk@sdf.org>
Date: Tue, 12 May 2020 22:23:22 +0200
Subject: [PATCH] Don't do client certificates in restricted mode.

---
 av98.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/av98.py b/av98.py
index 44b5f6b..11c3cae 100755
--- a/av98.py
+++ b/av98.py
@@ -404,6 +404,14 @@ Slow internet connection?  Use 'set timeout' to be more patient.""")
             return
         # Client cert
         elif status.startswith("6"):
+            # Don't do client cert stuff in restricted mode, as in principle
+            # it could be used to fill up the disk by creating a whole lot of
+            # certificates
+            if self.restricted:
+                print("The server is requesting a client certificate.")
+                print("These are not supported in restricted mode, sorry.")
+                return
+
             # Transient certs are a special case
             if status == "61":
                 print("The server is asking to start a transient client certificate session.")