From 41e769d6815568b9f2f7d392b85ca615c0594535 Mon Sep 17 00:00:00 2001
From: Daniel Reichelt <hacking@nachtgeist.net>
Date: Fri, 16 Sep 2016 07:50:10 +0200
Subject: [PATCH] cron/nginx: remove ssl_client_certificate

Adding the CA certificate to an nginx vhost via ssl_client_certificate is
outright wrong. Moreover, the CA certificate data is already written to
the certificate file itself (class.DomainSSL.php:83-85).

fixes #1650
---
 scripts/jobs/cron_tasks.inc.http.30.nginx.php | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/scripts/jobs/cron_tasks.inc.http.30.nginx.php b/scripts/jobs/cron_tasks.inc.http.30.nginx.php
index af44aea4..ae9e5a41 100644
--- a/scripts/jobs/cron_tasks.inc.http.30.nginx.php
+++ b/scripts/jobs/cron_tasks.inc.http.30.nginx.php
@@ -628,15 +628,6 @@ class nginx extends HttpConfigBase {
     			    }
     			}
 
-    			if ($domain_or_ip['ssl_ca_file'] != '') {
-    			    // check for existence, #1485
-    			    if (!file_exists($domain_or_ip['ssl_ca_file'])) {
-    			        $this->logger->logAction(CRON_ACTION, LOG_ERR, $domain_or_ip['domain'] . ' :: certificate CA file "'.$domain_or_ip['ssl_ca_file'].'" does not exist! Cannot create ssl-directives');
-    			    } else {
-    				    $sslsettings.= "\t" . 'ssl_client_certificate ' . makeCorrectFile($domain_or_ip['ssl_ca_file']) . ';' . "\n";
-    			    }
-    			}
-
 			if (isset($domain_or_ip['hsts']) && $domain_or_ip['hsts'] > 0) {
     			    $vhost_content .= 'add_header Strict-Transport-Security "max-age=' . $domain_or_ip['hsts'];
     			    if ($domain_or_ip['hsts_sub'] == 1) {