mirrors
/
gitblit
mirror of https://github.com/gitblit/gitblit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 43 Wiki Activity
Browse Source

Add setting to explicitly enable or disable optional client certificates.

pull/1138/head
Odd Eirik Nes 7 years ago
parent
a3665a6a82
commit
7a0639b514
2 changed files with 15 additions and 3 deletions
Split View Show Diff Stats
  1. 11
    2
      src/main/distrib/data/defaults.properties
  2. 4
    1
      src/main/java/com/gitblit/GitBlitServer.java

+ 11
- 2
src/main/distrib/data/defaults.properties View File

@@ -2059,8 +2059,8 @@ server.storePassword = gitblit
# authenticate with ssl certificates. If enabled, only https clients with the
# a valid client certificate will be able to access Gitblit.
#
# If disabled, client certificate authentication is optional and will be tried
# first before falling-back to form authentication or basic authentication.
# If disabled, optional client certificate authentication is configurable by
# server.wantClientCertificates
#
# Requiring client certificates to access any of Gitblit may be too extreme,
# consider this carefully.
@@ -2069,6 +2069,15 @@ server.storePassword = gitblit
# RESTART REQUIRED
server.requireClientCertificates = false

# If enabled, client certificate authentication is optional and will be tried
# first before falling-back to form authentication or basic authentication.
#
# If disabled, no client certificate authentication will be done at all.
#
# SINCE 1.8.1
# RESTART REQUIRED
server.wantClientCertificates = false

# Port for shutdown monitor to listen on.
#
# SINCE 0.5.0

+ 4
- 1
src/main/java/com/gitblit/GitBlitServer.java View File

@@ -288,7 +288,7 @@ public class GitBlitServer {
if (params.requireClientCertificates) {
factory.setNeedClientAuth(true);
} else {
factory.setWantClientAuth(true);
factory.setWantClientAuth((params.wantClientCertificates));
}

ServerConnector connector = new ServerConnector(server, factory);
@@ -597,6 +597,9 @@ public class GitBlitServer {
@Option(name = "--requireClientCertificates", usage = "Require client X509 certificates for https connections.")
public Boolean requireClientCertificates = FILESETTINGS.getBoolean(Keys.server.requireClientCertificates, false);

@Option(name = "--wantClientCertificates", usage = "Ask for optional client X509 certificate for https connections. Ignored if client certificates are required.")
public Boolean wantClientCertificates = FILESETTINGS.getBoolean(Keys.server.wantClientCertificates, false);

/*
* Setting overrides
*/

Write Preview
Loading…
Cancel
Save