From 7a0639b514cff77fe5b149b16a6eb8f1f216443b Mon Sep 17 00:00:00 2001
From: Odd Eirik Nes <oddeirik@gmail.com>
Date: Mon, 17 Oct 2016 16:58:23 +0200
Subject: Add setting to explicitly enable or disable optional client
 certificates.

---
 src/main/java/com/gitblit/GitBlitServer.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src/main/java/com/gitblit')

diff --git a/src/main/java/com/gitblit/GitBlitServer.java b/src/main/java/com/gitblit/GitBlitServer.java
index d56d9c0c..7b6cbbad 100644
--- a/src/main/java/com/gitblit/GitBlitServer.java
+++ b/src/main/java/com/gitblit/GitBlitServer.java
@@ -288,7 +288,7 @@ public class GitBlitServer {
 				if (params.requireClientCertificates) {
 					factory.setNeedClientAuth(true);
 				} else {
-					factory.setWantClientAuth(true);
+					factory.setWantClientAuth((params.wantClientCertificates));
 				}
 
 				ServerConnector connector = new ServerConnector(server, factory);
@@ -597,6 +597,9 @@ public class GitBlitServer {
 		@Option(name = "--requireClientCertificates", usage = "Require client X509 certificates for https connections.")
 		public Boolean requireClientCertificates = FILESETTINGS.getBoolean(Keys.server.requireClientCertificates, false);
 
+		@Option(name = "--wantClientCertificates", usage = "Ask for optional client X509 certificate for https connections. Ignored if client certificates are required.")
+		public Boolean wantClientCertificates = FILESETTINGS.getBoolean(Keys.server.wantClientCertificates, false);
+
 		/*
 		 * Setting overrides
 		 */
-- 
cgit v1.2.3