
Commit 7a0639b

committed
Add setting to explicitly enable or disable optional client certificates.
1 parent a3665a6 commit 7a0639b


2 files changed

+15
-3
lines changed

2 files changed

+15
-3
lines changed

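--- a/src/main/distrib/data/defaults.properties
+++ b/src/main/distrib/data/defaults.properties
@@ -2059,8 +2059,8 @@ server.storePassword = gitblit
 # authenticate with ssl certificates. If enabled, only https clients with the
 # a valid client certificate will be able to access Gitblit.
 #
-# If disabled, client certificate authentication is optional and will be tried
-# first before falling-back to form authentication or basic authentication.
+# If disabled, optional client certificate authentication is configurable by
+# server.wantClientCertificates
 #
 # Requiring client certificates to access any of Gitblit may be too extreme,
 # consider this carefully.
@@ -2069,6 +2069,15 @@ server.storePassword = gitblit
 # RESTART REQUIRED
 server.requireClientCertificates = false
 
+# If enabled, client certificate authentication is optional and will be tried
+# first before falling-back to form authentication or basic authentication.
+#
+# If disabled, no client certificate authentication will be done at all.
+#
+# SINCE 1.8.1
+# RESTART REQUIRED
+server.wantClientCertificates = false
+
 # Port for shutdown monitor to listen on.
 #
 # SINCE 0.5.0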
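Review bot: The comment block added for `server.wantClientCertificates` does not say that the key has no effect when `server.requireClientCertificates` is true, although the `--wantClientCertificates` usage text in GitBlitServer.java does state it. I would add `# Ignored if server.requireClientCertificates is enabled.` just before the `# SINCE 1.8.1` line so that an administrator reading only this file sees the precedence. The reworded sentence under `server.requireClientCertificates` also ends without a period (`# server.wantClientCertificates`), which reads like a truncated line.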

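--- a/src/main/java/com/gitblit/GitBlitServer.java
+++ b/src/main/java/com/gitblit/GitBlitServer.java
@@ -288,7 +288,7 @@ public void log(String message) {
 if (params.requireClientCertificates) {
 factory.setNeedClientAuth(true);
 } else {
-factory.setWantClientAuth(true);
+factory.setWantClientAuth((params.wantClientCertificates));
 }
 
 ServerConnector connector = new ServerConnector(server, factory);
@@ -597,6 +597,9 @@ public static class Params {
 @Option(name = "--requireClientCertificates", usage = "Require client X509 certificates for https connections.")
 public Boolean requireClientCertificates = FILESETTINGS.getBoolean(Keys.server.requireClientCertificates, false);
 
+@Option(name = "--wantClientCertificates", usage = "Ask for optional client X509 certificate for https connections. Ignored if client certificates are required.")
+public Boolean wantClientCertificates = FILESETTINGS.getBoolean(Keys.server.wantClientCertificates, false);
+
 /*
 * Setting overrides
 */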
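Review bot: The fallback in `FILESETTINGS.getBoolean(Keys.server.wantClientCertificates, false)` switches off something that was unconditional before, since the removed line called `factory.setWantClientAuth(true)` whenever certificates were not required. An installation upgraded with a properties file that lacks the new key will therefore stop requesting client certificates during the TLS handshake, and users who signed in with a certificate would presumably drop to form or basic authentication without any warning. If that is not intended, keep the old behaviour for a missing key with `FILESETTINGS.getBoolean(Keys.server.wantClientCertificates, true)`, or state the change prominently in the release notes. The doubled parentheses in `setWantClientAuth((params.wantClientCertificates))` can be removed as well. The method containing the first hunk starts and ends outside the visible lines.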
