Skip to content

Commit 1df20a0

Browse files
flaixflaix
committed
Merge branch 'disable-client-certs' of github.com:oddeirik/gitblit into oddeirik-disable-client-certs
2 parents f1a20ea + 7a0639b commit 1df20a0

File tree

2 files changed

+15
-3
lines changed

2 files changed

+15
-3
lines changed

src/main/distrib/data/defaults.properties

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2135,8 +2135,8 @@ server.storePassword = gitblit
21352135
# authenticate with ssl certificates. If enabled, only https clients with the
21362136
# a valid client certificate will be able to access Gitblit.
21372137
#
2138-
# If disabled, client certificate authentication is optional and will be tried
2139-
# first before falling-back to form authentication or basic authentication.
2138+
# If disabled, optional client certificate authentication is configurable by
2139+
# server.wantClientCertificates
21402140
#
21412141
# Requiring client certificates to access any of Gitblit may be too extreme,
21422142
# consider this carefully.
@@ -2145,6 +2145,15 @@ server.storePassword = gitblit
21452145
# RESTART REQUIRED
21462146
server.requireClientCertificates = false
21472147

2148+
# If enabled, client certificate authentication is optional and will be tried
2149+
# first before falling-back to form authentication or basic authentication.
2150+
#
2151+
# If disabled, no client certificate authentication will be done at all.
2152+
#
2153+
# SINCE 1.8.1
2154+
# RESTART REQUIRED
2155+
server.wantClientCertificates = false
2156+
21482157
# Port for shutdown monitor to listen on.
21492158
#
21502159
# SINCE 0.5.0

src/main/java/com/gitblit/GitBlitServer.java

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -292,7 +292,7 @@ public void log(String message) {
292292
if (params.requireClientCertificates) {
293293
factory.setNeedClientAuth(true);
294294
} else {
295-
factory.setWantClientAuth(true);
295+
factory.setWantClientAuth((params.wantClientCertificates));
296296
}
297297

298298
ServerConnector connector = new ServerConnector(server, factory);
@@ -602,6 +602,9 @@ public static class Params {
602602
@Option(name = "--requireClientCertificates", usage = "Require client X509 certificates for https connections.")
603603
public Boolean requireClientCertificates = FILESETTINGS.getBoolean(Keys.server.requireClientCertificates, false);
604604

605+
@Option(name = "--wantClientCertificates", usage = "Ask for optional client X509 certificate for https connections. Ignored if client certificates are required.")
606+
public Boolean wantClientCertificates = FILESETTINGS.getBoolean(Keys.server.wantClientCertificates, false);
607+
605608
/*
606609
* Setting overrides
607610
*/

0 commit comments

Comments
 (0)