author | tjpcc <tjp@ctrl-c.club> | 2023-01-20 10:58:35 -0700 |
---|---|---|
committer | tjpcc <tjp@ctrl-c.club> | 2023-01-20 10:58:35 -0700 |
commit | 8229f31f70ecdbe03d03c96cba17d6ee85397bca (patch) | |
tree | 5c51a1bdd9366a69fd1cf03dcdd1c41e49bcb6e2 /contrib/tlsauth/approver.go | |
parent | a1c186878d228bada894a6fd580bfc4eb9da2ffa (diff) |
"tlsauth" contrib package
This package adds authentication middlewares via TLS client
certificates.
Diffstat (limited to 'contrib/tlsauth/approver.go')
-rw-r--r-- | contrib/tlsauth/approver.go | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/contrib/tlsauth/approver.go b/contrib/tlsauth/approver.go
new file mode 100644
index 0000000..064056d
--- /dev/null
+++ b/contrib/tlsauth/approver.go
@@ -0,0 +1,17 @@
+package tlsauth
+
+import "crypto/x509"
+
+// Approver is a function that validates a certificate.
+//
+// It should not be have to handle a nil argument.
+type Approver func(*x509.Certificate) bool
+
+// RequireSpecificIdentity builds an approver that demands one specific client certificate.
+func RequireSpecificIdentity(identity *x509.Certificate) Approver { return identity.Equal }
+
+// Allow is an approver which permits anything.
+func Allow(_ *x509.Certificate) bool { return true }
+
+// Reject is an approver which denies everything.
+func Reject(_ *x509.Certificate) bool { return false } |
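Review bot: `RequireSpecificIdentity` returns `identity.Equal` without checking `identity`, and `(*x509.Certificate).Equal` reports true when the receiver and the argument are both nil, so an approver built from a nil certificate (for instance after an ignored parse error) would approve a request that carries no client certificate if a caller ever passes nil through. The `Approver` comment says implementations need not handle nil, which leaves that guarantee to middleware not shown in this hunk. Failing closed here is cheap: add `if identity == nil { return Reject }` before `return identity.Equal`. The doc comment could also say that the match is on the exact encoded certificate (`Raw`), so this approver does not check validity dates and a re-issued certificate for the same key will not match.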