From c2488dd4a3b563246e1f05e2132d742997408ed7 Mon Sep 17 00:00:00 2001
From: Andy Green <andy@warmcat.com>
Date: Tue, 7 Nov 2017 08:30:57 +0800
Subject: [PATCH] client-cert-required

---
 lib/server/lejp-conf.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/server/lejp-conf.c b/lib/server/lejp-conf.c
index 8955536c..6de7a5b5 100644
--- a/lib/server/lejp-conf.c
+++ b/lib/server/lejp-conf.c
@@ -99,6 +99,7 @@ static const char * const paths_vhosts[] = {
 	"vhosts[].client-ssl-ca",
 	"vhosts[].client-ssl-ciphers",
 	"vhosts[].onlyraw",
+	"vhosts[].client-cert-required",
 };
 
 enum lejp_vhost_paths {
@@ -146,6 +147,7 @@ enum lejp_vhost_paths {
 	LEJPVP_CLIENT_SSL_CA,
 	LEJPVP_CLIENT_CIPHERS,
 	LEJPVP_FLAG_ONLYRAW,
+	LEJPVP_FLAG_CLIENT_CERT_REQUIRED,
 };
 
 static const char * const parser_errs[] = {
@@ -682,6 +684,12 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason)
 			a->info->options &= ~(LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE);
 		return 0;
 
+	case LEJPVP_FLAG_CLIENT_CERT_REQUIRED:
+		if (arg_to_bool(ctx->buf))
+			a->info->options |=
+			    LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT;
+		return 0;
+
 	case LEJPVP_SSL_OPTION_SET:
 		a->info->ssl_options_set |= atol(ctx->buf);
 		return 0;