diff options
| -rw-r--r-- | src/main/distrib/data/defaults.properties | 13 | ||||
| -rw-r--r-- | src/main/java/com/gitblit/GitBlitServer.java | 5 |
2 files changed, 15 insertions, 3 deletions
diff --git a/src/main/distrib/data/defaults.properties b/src/main/distrib/data/defaults.properties index 5dea6a0a..604caa8f 100644 --- a/src/main/distrib/data/defaults.properties +++ b/src/main/distrib/data/defaults.properties @@ -2135,8 +2135,8 @@ server.storePassword = gitblit # authenticate with ssl certificates. If enabled, only https clients with the # a valid client certificate will be able to access Gitblit. # -# If disabled, client certificate authentication is optional and will be tried -# first before falling-back to form authentication or basic authentication. +# If disabled, optional client certificate authentication is configurable by +# server.wantClientCertificates # # Requiring client certificates to access any of Gitblit may be too extreme, # consider this carefully. @@ -2145,6 +2145,15 @@ server.storePassword = gitblit # RESTART REQUIRED server.requireClientCertificates = false +# If enabled, client certificate authentication is optional and will be tried +# first before falling-back to form authentication or basic authentication. +# +# If disabled, no client certificate authentication will be done at all. +# +# SINCE 1.8.1 +# RESTART REQUIRED +server.wantClientCertificates = false + # Port for shutdown monitor to listen on. # # SINCE 0.5.0 diff --git a/src/main/java/com/gitblit/GitBlitServer.java b/src/main/java/com/gitblit/GitBlitServer.java index 06000f53..190cc5d2 100644 --- a/src/main/java/com/gitblit/GitBlitServer.java +++ b/src/main/java/com/gitblit/GitBlitServer.java @@ -292,7 +292,7 @@ public class GitBlitServer { if (params.requireClientCertificates) { factory.setNeedClientAuth(true); } else { - factory.setWantClientAuth(true); + factory.setWantClientAuth((params.wantClientCertificates)); } ServerConnector connector = new ServerConnector(server, factory); @@ -602,6 +602,9 @@ public class GitBlitServer { @Option(name = "--requireClientCertificates", usage = "Require client X509 certificates for https connections.") public Boolean requireClientCertificates = FILESETTINGS.getBoolean(Keys.server.requireClientCertificates, false); + @Option(name = "--wantClientCertificates", usage = "Ask for optional client X509 certificate for https connections. Ignored if client certificates are required.") + public Boolean wantClientCertificates = FILESETTINGS.getBoolean(Keys.server.wantClientCertificates, false); + /* * Setting overrides */ |