• W-Mark Kubacki's avatar
    Support configuring less restrictive TLS client auth requirements · 69c2d78f
    W-Mark Kubacki authored
    Caddyfile parameter "clients" of "tls" henceforth accepts a special
    first modifier. It is one of, and effects:
    
     * request         = tls.RequestClientCert
     * require         = tls.RequireAnyClientCert
     * verify_if_given = tls.VerifyClientCertIfGiven
     * (none)          = tls.RequireAndVerifyClientCert
    
    The use-case for this is as follows: A middleware would serve items to the
    public, but if a certificate were given the middleware would permit file
    manipulation.
    
    And, in a different plugin such as a forum or blog, not verifying a client
    cert would be nice for registration: said blog would subsequently only
    compare the SPKI of a client certificate.
    69c2d78f
config.go 2.39 KB