Don't try to be clever about when to request client certs: we never know what could be in a .molly file.

2023-02-24 19:12:52 +01:00 · 2023-02-24 19:12:52 +01:00 · e70ec82594
parent bff3d6d486
commit e70ec82594
1 changed files with 1 additions and 3 deletions
--- a/launch.go
+++ b/launch.go
@ -95,14 +95,12 @@ func launch(config Config, privInfo userInfo) int {
 	}
 	var tlscfg tls.Config
 	tlscfg.Certificates = []tls.Certificate{cert}
+	tlscfg.ClientAuth = tls.RequestClientCert
 	if config.AllowTLS12 {
 		tlscfg.MinVersion = tls.VersionTLS12
 	} else {
 		tlscfg.MinVersion = tls.VersionTLS13
 	}
-	if len(config.CertificateZones) > 0 {
-		tlscfg.ClientAuth = tls.RequestClientCert
-	}

 	// Try to chdir to /, so we don't block any mountpoints
 	// But if we can't for some reason it's no big deal