From e70ec82594c4225db216049e4b2c5abc030e1317 Mon Sep 17 00:00:00 2001
From: Solderpunk
Date: Fri, 24 Feb 2023 19:12:52 +0100
Subject: [PATCH] Don't try to be clever about when to request client certs: we never know what could be in a .molly file.
---
 launch.go | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/launch.go b/launch.go
index c29595d..01f99bc 100644
--- a/launch.go
+++ b/launch.go
@@ -95,14 +95,12 @@ func launch(config Config, privInfo userInfo) int {
 }
 var tlscfg tls.Config
 tlscfg.Certificates = []tls.Certificate{cert}
+ tlscfg.ClientAuth = tls.RequestClientCert
 if config.AllowTLS12 {
 tlscfg.MinVersion = tls.VersionTLS12
 } else {
 tlscfg.MinVersion = tls.VersionTLS13
 }
- if len(config.CertificateZones) > 0 {
- tlscfg.ClientAuth = tls.RequestClientCert
- }
 // Try to chdir to /, so we don't block any mountpoints
 // But if we can't for some reason it's no big deal
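Review bot: The now-unconditional `tlscfg.ClientAuth = tls.RequestClientCert` has no comment saying why it is always set or what it does not guarantee. With `tls.RequestClientCert`, crypto/tls neither requires a certificate nor verifies one that is presented. The code that enforces certificate zones is not visible in this hunk, but it presumably has to treat an empty `PeerCertificates` as "no certificate" and do its own fingerprint and validity-period checks before granting access. I would add above the line: `// Always request a client cert: .molly files may add certificate zones at request time.` and `// crypto/tls does not verify it in this mode; zone checks must validate the peer cert themselves.` The body of launch starts and ends outside the hunk.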