Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var RequireOU = func(allowed []string) func(name *pkix.Name) bool { return func(name *pkix.Name) bool { for _, haveOU := range name.OrganizationalUnit { for _, wantOU := range allowed { if haveOU == wantOU { return true } } } return false } }
Return a CheckCertificate function that returns true IFF one of the certificates in the list has an OrganiziationUnit exactly matching one of the ones allowed.
Functions ¶
This section is empty.
Types ¶
type X509NameVerifier ¶
type X509NameVerifier struct {
CheckCertificate func(*pkix.Name) bool
InvalidHandler http.Handler
HeaderName string
}
X509NameVerifier supports wrapping an http.Handler to check the contents of an x509 distinguished name (DN) passed in a header as from Nginx
func (*X509NameVerifier) Wrap ¶
func (v *X509NameVerifier) Wrap(h http.Handler) http.Handler
Wrap wraps an HTTP handler to check the contents of client certificates. If CheckCertificate returns true, the request will be passed to the wrapped handler. If CheckCertificate returns false, it will be passed to the InvalidHandler or, if no InvalidHandler is specified, will return an empty 403 response and log the rejected DN.
Source Files
Click to show internal directories.
Click to hide internal directories.