package tlsauth

import "crypto/x509"

// Approver is a function that validates a certificate.
//
// It should not be have to handle a nil argument.
type Approver func(*x509.Certificate) bool

// RequireSpecificIdentity builds an approver that demands one specific client certificate.
func RequireSpecificIdentity(identity *x509.Certificate) Approver { return identity.Equal }

// Allow is an approver which permits anything.
func Allow(_ *x509.Certificate) bool { return true }

// Reject is an approver which denies everything.
func Reject(_ *x509.Certificate) bool { return false }