From 56ace5ce283fdfa1acb121f85db45e8872c89c8e Mon Sep 17 00:00:00 2001
From: Dan Fuhry
Date: Thu, 6 Nov 2025 07:05:27 -0500
Subject: [PATCH] [mtls] add provider_anonymous
---
mtls/provider_anonymous.go | 62 ++++++++++++++++++++++++++++++++++++++
1 file changed, 62 insertions(+)
create mode 100644 mtls/provider_anonymous.go
diff --git a/mtls/provider_anonymous.go b/mtls/provider_anonymous.go
new file mode 100644
index 0000000..0a0ea57
--- /dev/null
+++ b/mtls/provider_anonymous.go
@@ -0,0 +1,62 @@
+package mtls
+
+import (
+ "context"
+ "crypto"
+ "crypto/tls"
+ "crypto/x509"
+)
+
+type anonymousIdentity struct{}
+
+var _ Identity = &anonymousIdentity{}
+
+func (a *anonymousIdentity) Class() PrincipalClass {
+ return AnonymousPrincipal
+}
+
+func (a *anonymousIdentity) Name() string {
+ return "anonymous"
+}
+
+func (a *anonymousIdentity) Equals(other Identity) bool {
+ return a.Class() == other.Class() && a.Name() == other.Name()
+}
+
+func (a *anonymousIdentity) IsValid() bool {
+ return true
+}
+
+func (a *anonymousIdentity) RootCertificate() (*x509.Certificate, error) {
+ return nil, nil
+}
+
+func (a *anonymousIdentity) IntermediateCertificates() ([]*x509.Certificate, error) {
+ return nil, nil
+}
+
+func (a *anonymousIdentity) LeafCertificate() (*x509.Certificate, error) {
+ return nil, nil
+}
+
+func (a *anonymousIdentity) PrivateKey() (crypto.PrivateKey, error) {
+ return nil, nil
+}
+
+func (a *anonymousIdentity) NewDialContextFunc() DialContextFunc {
+ return newDialContextFunc(a)
+}
+
+func (a *anonymousIdentity) newTlsCertificate() (*tls.Certificate, error) {
+ return nil, nil
+}
+
+func (a *anonymousIdentity) TlsConfig(ctx context.Context) (*tls.Config, error) {
+ vo, err := newMTLSVerifyOpts()
+ if err != nil {
+ return nil, err
+ }
+ return &tls.Config{
+ RootCAs: vo.Roots.Clone(),
+ }, nil
+}
--
2.50.1
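Review bot: `RootCertificate`, `LeafCertificate`, `PrivateKey` and `newTlsCertificate` all return `nil, nil`, so a caller that checks only `err` gets a nil certificate or key with no sign that the identity is anonymous. `newDialContextFunc` is not visible in this patch, so confirm that it and every other `Identity` consumer test for nil before dereferencing. `IsValid()` is unconditionally `true`, which is safe only if authorization code checks `Class()` against `AnonymousPrincipal` instead of treating any valid identity as an authenticated one. `Equals` calls `other.Class()` without a nil guard, and `if other == nil { return false }` as its first line would avoid a panic. The type also has no doc comment; I would add `// anonymousIdentity is an Identity with no certificate or private key; its TlsConfig verifies the peer against the roots from newMTLSVerifyOpts but presents no client certificate.` and note that the config appears intended for the dialing side only.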