Diffstat (limited to 'contrib/tlsauth/approver.go')
-rw-r--r-- | contrib/tlsauth/approver.go | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/contrib/tlsauth/approver.go b/contrib/tlsauth/approver.go
new file mode 100644
index 0000000..064056d
--- /dev/null
+++ b/contrib/tlsauth/approver.go
@@ -0,0 +1,17 @@
+package tlsauth
+
+import "crypto/x509"
+
+// Approver is a function that validates a certificate.
+//
+// It should not be have to handle a nil argument.
+type Approver func(*x509.Certificate) bool
+
+// RequireSpecificIdentity builds an approver that demands one specific client certificate.
+func RequireSpecificIdentity(identity *x509.Certificate) Approver { return identity.Equal }
+
+// Allow is an approver which permits anything.
+func Allow(_ *x509.Certificate) bool { return true }
+
+// Reject is an approver which denies everything.
+func Reject(_ *x509.Certificate) bool { return false } |
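Review bot: RequireSpecificIdentity does not guard against a nil `identity`: the method value `identity.Equal` is bound without a check, and in current Go `(*x509.Certificate).Equal` treats two nil certificates as equal, so an approver built from a nil identity (for example after a failed certificate load) would approve a caller that passes no certificate at all. Failing closed is a one-line change, `if identity == nil { return Reject }` ahead of `return identity.Equal`. The doc comment could also say that the match is on the exact encoded certificate (`Equal` compares the raw DER bytes), so this approver does not check expiry or chain validity and a reissued certificate will no longer match. Since `Allow` accepts every certificate, its comment should state that using it leaves identity checking entirely to whatever verification the TLS layer performs.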