package Apache::CheckCertState;
# file: Apache/CheckCertState.pm
use Apache::Constants qw(:common);

sub handler {
    my $r = shift;
    return DECLINED unless $r->is_main;
    my $state = $r->dir_config('IssuerState');
    return DECLINED unless defined $state;
    my $subr = $r->lookup_uri($r->uri);
    my $client_state = $subr->subprocess_env('SSL_CLIENT_I_DN_SP') || "";
    return OK if $client_state eq $state;
    return FORBIDDEN;
}

1;
__END__