Allow to set client certificates via env variable

Author: jvanbruegge

README.md

@@ -191,6 +191,7 @@ HTTPS :
 - **PHPLDAPADMIN_HTTPS_CRT_FILENAME**: Apache ssl certificate filename. Defaults to `phpldapadmin.crt`
 - **PHPLDAPADMIN_HTTPS_KEY_FILENAME**: Apache ssl certificate private key filename. Defaults to `phpldapadmin.key`
 - **PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME**: Apache ssl CA certificate filename. Defaults to `ca.crt`
+- **PHPLDAPADMIN_HTTPS_VERIFY_CLIENT**: Apache client certificate configuration. Possible values are `optional`, `require`, `none`. Defaults to `optional`
 
 Reverse proxy HTTPS :
 - **PHPLDAPADMIN_TRUST_PROXY_SSL**: Set to `true` to trust X-Forwarded-Proto header

image/environment/default.yaml

@@ -12,6 +12,7 @@ PHPLDAPADMIN_HTTPS: true
 PHPLDAPADMIN_HTTPS_CRT_FILENAME: phpldapadmin.crt
 PHPLDAPADMIN_HTTPS_KEY_FILENAME: phpldapadmin.key
 PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME: ca.crt
+PHPLDAPADMIN_HTTPS_VERIFY_CLIENT: optional
 
 PHPLDAPADMIN_TRUST_PROXY_SSL: false
 

image/service/phpldapadmin/assets/apache2/https.conf

@@ -11,6 +11,7 @@
 	SSLCertificateFile    ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_CRT_FILENAME}
 	SSLCertificateKeyFile ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_KEY_FILENAME}
 	#SSLCACertificateFile ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME}
+	SSLVerifyClient       ${PHPLDAPADMIN_HTTPS_VERIFY_CLIENT}
 
 	Include /etc/apache2/conf-available/gzip.conf
 	Include /etc/apache2/conf-available/cache.conf