Don't try to be clever about when to request client certs: we never know what could be in a .molly file.
This commit is contained in:
parent
bff3d6d486
commit
e70ec82594
|
@ -95,14 +95,12 @@ func launch(config Config, privInfo userInfo) int {
|
||||||
}
|
}
|
||||||
var tlscfg tls.Config
|
var tlscfg tls.Config
|
||||||
tlscfg.Certificates = []tls.Certificate{cert}
|
tlscfg.Certificates = []tls.Certificate{cert}
|
||||||
|
tlscfg.ClientAuth = tls.RequestClientCert
|
||||||
if config.AllowTLS12 {
|
if config.AllowTLS12 {
|
||||||
tlscfg.MinVersion = tls.VersionTLS12
|
tlscfg.MinVersion = tls.VersionTLS12
|
||||||
} else {
|
} else {
|
||||||
tlscfg.MinVersion = tls.VersionTLS13
|
tlscfg.MinVersion = tls.VersionTLS13
|
||||||
}
|
}
|
||||||
if len(config.CertificateZones) > 0 {
|
|
||||||
tlscfg.ClientAuth = tls.RequestClientCert
|
|
||||||
}
|
|
||||||
|
|
||||||
// Try to chdir to /, so we don't block any mountpoints
|
// Try to chdir to /, so we don't block any mountpoints
|
||||||
// But if we can't for some reason it's no big deal
|
// But if we can't for some reason it's no big deal
|
||||||
|
|
Loading…
Reference in New Issue