From 66650e8a3af6afba44ab23ded552bb8a20224123 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?= <felix@dogcraft.de>
Date: Sun, 15 Mar 2015 09:51:18 +0100
Subject: [PATCH] Fix: enforce client auth on "secure"-subhost

---
 src/org/cacert/gigi/Launcher.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/org/cacert/gigi/Launcher.java b/src/org/cacert/gigi/Launcher.java
index 56d0d4fb..4fd82c07 100644
--- a/src/org/cacert/gigi/Launcher.java
+++ b/src/org/cacert/gigi/Launcher.java
@@ -131,7 +131,7 @@ public class Launcher {
             final SslContextFactory sslContextFactory = generateSSLContextFactory(conf, "www");
             final SslContextFactory secureContextFactory = generateSSLContextFactory(conf, "secure");
             secureContextFactory.setWantClientAuth(true);
-            secureContextFactory.setNeedClientAuth(false);
+            secureContextFactory.setNeedClientAuth(true);
             final SslContextFactory staticContextFactory = generateSSLContextFactory(conf, "static");
             final SslContextFactory apiContextFactory = generateSSLContextFactory(conf, "api");
             apiContextFactory.setWantClientAuth(true);
-- 
2.39.2