From 3a03995f266f1db776a7086eb6cbbc3dcaa26024 Mon Sep 17 00:00:00 2001 From: Solderpunk Date: Thu, 2 Mar 2023 17:24:34 +0100 Subject: [PATCH] Actually, be *more* clever about client certs...(see e70ec) --- launch.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/launch.go b/launch.go index b5c5fcc..3bbee89 100644 --- a/launch.go +++ b/launch.go @@ -105,6 +105,9 @@ func launch(sysConfig SysConfig, userConfig UserConfig, privInfo userInfo) int { } else { tlscfg.MinVersion = tls.VersionTLS13 } + if len(userConfig.CertificateZones) > 0 || sysConfig.ReadMollyFiles { + tlscfg.ClientAuth = tls.RequestClientCert + } // Try to chdir to /, so we don't block any mountpoints // But if we can't for some reason it's no big deal