Fix: enforce client auth on "secure"-subhost

[gigi.git] / src / org / cacert / gigi / Launcher.java

diff --git a/src/org/cacert/gigi/Launcher.java b/src/org/cacert/gigi/Launcher.java
index 56d0d4fba2f17551add4113bb0689f921b9af437..4fd82c07ef808d6757c3943e00c14495b307ce10 100644 (file)
--- a/src/org/cacert/gigi/Launcher.java
+++ b/src/org/cacert/gigi/Launcher.java
@@ -131,7 +131,7 @@ public class Launcher {
             final SslContextFactory sslContextFactory = generateSSLContextFactory(conf, "www");
             final SslContextFactory secureContextFactory = generateSSLContextFactory(conf, "secure");
             secureContextFactory.setWantClientAuth(true);
-            secureContextFactory.setNeedClientAuth(false);
+            secureContextFactory.setNeedClientAuth(true);
             final SslContextFactory staticContextFactory = generateSSLContextFactory(conf, "static");
             final SslContextFactory apiContextFactory = generateSSLContextFactory(conf, "api");
             apiContextFactory.setWantClientAuth(true);