tlsauth

Documentation

Index

• Variables
• func Allow(_ context.Context, _ *sliderule.Request) bool
• func GeminiAuth(approver Approver) sr.Middleware
• func GeminiOptionalAuth(approver Approver) sr.Middleware
• func Identity(request *sr.Request) *x509.Certificate
• func Reject(_ context.Context, _ *sliderule.Request) bool
• type Approver
  • func RequireSpecificIdentity(identity *x509.Certificate) Approver

Variables

var GeminiRequireCertificate = GeminiAuth(Allow)

GeminiRequireCertificate is a middleware that only requires a client certificate.

Functions

func Allow

func Allow(_ context.Context, _ *sliderule.Request) bool

Allow is an approver which permits anything.

func GeminiAuth

func GeminiAuth(approver Approver) sr.Middleware

GeminiAuth builds an authentication middleware from approval criteria.

If a request does not contain a client certificate it will be rejected with a "60 certificate required" response. If the client identity does not pass the approver it will be rejected with "62 certificate invalid".

func GeminiOptionalAuth

func GeminiOptionalAuth(approver Approver) sr.Middleware

GeminiOptionalAuth builds auth middleware which doesn't require an identity.

If there is no client certificate the request will pass through the middleware. It will only be rejected with "62 certificate invalid" if there *is* a client certificate, but it fails the approval.

func Identity

func Identity(request *sr.Request) *x509.Certificate

Identity returns the client certificate for the request or nil if there is none.

func Reject

func Reject(_ context.Context, _ *sliderule.Request) bool

Reject is an approver which denies everything.

Types

type Approver

type Approver func(context.Context, *sliderule.Request) bool

Approver is a function that validates a certificate.

It should not be have to handle a nil argument.

func RequireSpecificIdentity

func RequireSpecificIdentity(identity *x509.Certificate) Approver

RequireSpecificIdentity builds an approver that demands one specific client certificate.