-rw-r--r--modules/caddytls/connpolicy.go10
1 files changed, 2 insertions, 8 deletions
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 2ff41f7b..2e2d4f74 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -555,16 +555,10 @@ type ClientAuthentication struct {
// trust_pool <module> {
// ...
// }
-// trusted_leaf_cert <base64_der>
-// trusted_leaf_cert_file <filename>
// verifier <module>
// }
//
-// If `mode` is not provided, it defaults to `require_and_verify` if any of the following are provided:
-// - `trusted_leaf_certs`
-// - `trusted_leaf_cert_file`
-// - `trust_pool`
-//
+// If `mode` is not provided, it defaults to `require_and_verify` if `trust_pool` is provided.
// Otherwise, it defaults to `require`.
func (ca *ClientAuthentication) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
for d.NextArg() {
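Review bot: The rewritten default-mode sentence names only `trust_pool`, but the condition in ConfigureTLSConfig (shown in the next hunk) still selects `tls.RequireAndVerifyClientCert` when `TrustedCACerts`, `TrustedCACertPEMFiles`, `TrustedLeafCerts` or `CARaw` is set. The body of UnmarshalCaddyfile lies outside this hunk, so it is not visible whether the parser still accepts the `trusted_leaf_cert*` subdirectives. If it does, the comment describes a narrower rule than the code applies, and an operator could misjudge which client-auth mode a config ends up with. Either word it as `// If mode is not provided, it defaults to require_and_verify if trust_pool or any other trusted-certificate option is provided.` or state in the comment that those options are no longer parsed.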
@@ -768,7 +762,7 @@ func (clientauth *ClientAuthentication) ConfigureTLSConfig(cfg *tls.Config) erro
if len(clientauth.TrustedCACerts) > 0 ||
len(clientauth.TrustedCACertPEMFiles) > 0 ||
len(clientauth.TrustedLeafCerts) > 0 ||
- clientauth.CARaw != nil {
+ clientauth.CARaw != nil || clientauth.ca != nil {
cfg.ClientAuth = tls.RequireAndVerifyClientCert
} else {
cfg.ClientAuth = tls.RequireAnyClientCert
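Review bot: The default mode in ConfigureTLSConfig is still decided by a hand-maintained list of trust sources, and any source missing from that list falls through to `tls.RequireAnyClientCert`, which demands a certificate but does not verify its chain. That omission is what this hunk corrects for `clientauth.ca`, yet the diffstat lists only connpolicy.go, so no regression test pins the rule that a configured trust pool with no explicit mode yields `tls.RequireAndVerifyClientCert`. A test asserting `cfg.ClientAuth` for that case would catch the next trust source that is added without updating this condition. The else branch also deserves a comment such as `// no trust source configured: a client certificate is required but its chain is not verified here`. The enclosing function starts and ends outside the hunk, so whether a verifier covers the fallback case is not visible.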