mirror of
https://github.com/caddyserver/caddy.git
synced 2026-02-13 09:10:54 -05:00
d42d39b4bc
Two error returns in ClientAuthentication.provision() were returning nil instead of the actual error, silently swallowing failures when converting PEM files to DER and when provisioning the CA pool. This could cause mTLS client authentication to silently fall back to the system trust store, accepting any client certificate signed by a public CA instead of restricting to the configured trust anchors.