authorFlorian Zschocke <f.zschocke+git@gmail.com>2022-08-14 14:10:09 +0200
committerFlorian Zschocke <f.zschocke+git@gmail.com>2022-08-14 14:10:09 +0200
commit1df20a06c93ac68203f10d89f025d6ee74f5f23b (patch)
tree740d594e512d4494b5409c6d55de610753876ef2
parentf1a20ea57d20735e54507ddb8cc7197b20030da9 (diff)
parent7a0639b514cff77fe5b149b16a6eb8f1f216443b (diff)
Merge branch 'disable-client-certs' of github.com:oddeirik/gitblit into oddeirik-disable-client-certs
-rw-r--r--src/main/distrib/data/defaults.properties13
-rw-r--r--src/main/java/com/gitblit/GitBlitServer.java5
2 files changed, 15 insertions, 3 deletions
diff --git a/src/main/distrib/data/defaults.properties b/src/main/distrib/data/defaults.properties
index 5dea6a0a..604caa8f 100644
--- a/src/main/distrib/data/defaults.properties
+++ b/src/main/distrib/data/defaults.properties
@@ -2135,8 +2135,8 @@ server.storePassword = gitblit
# authenticate with ssl certificates. If enabled, only https clients with the
# a valid client certificate will be able to access Gitblit.
#
-# If disabled, client certificate authentication is optional and will be tried
-# first before falling-back to form authentication or basic authentication.
+# If disabled, optional client certificate authentication is configurable by
+# server.wantClientCertificates
#
# Requiring client certificates to access any of Gitblit may be too extreme,
# consider this carefully.
@@ -2145,6 +2145,15 @@ server.storePassword = gitblit
# RESTART REQUIRED
server.requireClientCertificates = false
+# If enabled, client certificate authentication is optional and will be tried
+# first before falling-back to form authentication or basic authentication.
+#
+# If disabled, no client certificate authentication will be done at all.
+#
+# SINCE 1.8.1
+# RESTART REQUIRED
+server.wantClientCertificates = false
+
# Port for shutdown monitor to listen on.
#
# SINCE 0.5.0
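Review bot: The new `server.wantClientCertificates` defaults to false, whereas the line removed in GitBlitServer.java always called `setWantClientAuth(true)` when certificates were not required. An installation that upgrades without adding the key therefore stops requesting client certificates, and certificate logins fall back to form or basic authentication without any notice. The comment block should record this, for example `# NOTE: earlier versions always requested a client certificate; set this to true to keep that behaviour.` It should also say, as the `--wantClientCertificates` usage text does, that the setting is ignored when server.requireClientCertificates is true. The same `false` fallback is repeated in the `FILESETTINGS.getBoolean(Keys.server.wantClientCertificates, false)` declaration in the second GitBlitServer.java hunk.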
diff --git a/src/main/java/com/gitblit/GitBlitServer.java b/src/main/java/com/gitblit/GitBlitServer.java
index 06000f53..190cc5d2 100644
--- a/src/main/java/com/gitblit/GitBlitServer.java
+++ b/src/main/java/com/gitblit/GitBlitServer.java
@@ -292,7 +292,7 @@ public class GitBlitServer {
if (params.requireClientCertificates) {
factory.setNeedClientAuth(true);
} else {
- factory.setWantClientAuth(true);
+ factory.setWantClientAuth((params.wantClientCertificates));
}
ServerConnector connector = new ServerConnector(server, factory);
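Review bot: The doubled parentheses in `factory.setWantClientAuth((params.wantClientCertificates));` are redundant and read like a leftover cast; `factory.setWantClientAuth(params.wantClientCertificates);` is equivalent. The field is declared as a boxed `Boolean`, so this call unboxes it and would throw a NullPointerException if the field were ever null. The neighbouring `requireClientCertificates` test has the same property, so this matches existing code rather than adding a new risk. The enclosing method starts and ends outside the hunk.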
@@ -602,6 +602,9 @@ public class GitBlitServer {
@Option(name = "--requireClientCertificates", usage = "Require client X509 certificates for https connections.")
public Boolean requireClientCertificates = FILESETTINGS.getBoolean(Keys.server.requireClientCertificates, false);
+ @Option(name = "--wantClientCertificates", usage = "Ask for optional client X509 certificate for https connections. Ignored if client certificates are required.")
+ public Boolean wantClientCertificates = FILESETTINGS.getBoolean(Keys.server.wantClientCertificates, false);
+
/*
* Setting overrides
*/