intermediate changes

ref:cde9a383711a11544ce7e107a78147fb96cc4029
author: Devtools Arcadia <arcadia-devtools@yandex-team.ru> 2022-02-07 18:08:42 +0300
committer: Devtools Arcadia <arcadia-devtools@mous.vla.yp-c.yandex.net> 2022-02-07 18:08:42 +0300
commit: 1110808a9d39d4b808aef724c861a2e1a38d2a69 (patch)
tree: e26c9fed0de5d9873cce7e00bc214573dc2195b7 /contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net
download: ydb-1110808a9d39d4b808aef724c861a2e1a38d2a69.tar.gz
28 files changed, 3528 insertions, 0 deletions
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/AcceptCertificateHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/AcceptCertificateHandler.h
new file mode 100644
index 0000000000..2d92c629aa
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/AcceptCertificateHandler.h
@@ -0,0 +1,52 @@
+//
+// AcceptCertificateHandler.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  AcceptCertificateHandler
+//
+// Definition of the AcceptCertificateHandler class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_AcceptCertificateHandler_INCLUDED
+#define NetSSL_AcceptCertificateHandler_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/InvalidCertificateHandler.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API AcceptCertificateHandler: public InvalidCertificateHandler
+	/// A AcceptCertificateHandler is invoked whenever an error 
+	/// occurs verifying the certificate. It always accepts
+	/// the certificate.
+	///
+	/// Should be using for testing purposes only.
+{
+public:
+	AcceptCertificateHandler(bool handleErrorsOnServerSide);
+		/// Creates the AcceptCertificateHandler
+
+	virtual ~AcceptCertificateHandler();
+		/// Destroys the AcceptCertificateHandler.
+
+	void onInvalidCertificate(const void* pSender, VerificationErrorArgs& errorCert);
+		/// Receives the questionable certificate in parameter errorCert. If one wants to accept the
+		/// certificate, call errorCert.setIgnoreError(true).
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_AcceptCertificateHandler_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactory.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactory.h
new file mode 100644
index 0000000000..5e3699c3ca
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactory.h
@@ -0,0 +1,93 @@
+//
+// CertificateHandlerFactory.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  CertificateHandlerFactory
+//
+// Definition of the CertificateHandlerFactory class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_CertificateHandlerFactory_INCLUDED
+#define NetSSL_CertificateHandlerFactory_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class InvalidCertificateHandler;
+
+
+class NetSSL_API CertificateHandlerFactory
+	/// A CertificateHandlerFactory is responsible for creating InvalidCertificateHandlers.
+	///
+	/// You don't need to access this class directly. Use the macro
+	///     POCO_REGISTER_CHFACTORY(namespace, InvalidCertificateHandlerName) 
+	/// instead (see the documentation of InvalidCertificateHandler for an example).
+{
+public:
+	CertificateHandlerFactory();
+		/// Creates the CertificateHandlerFactory.
+
+	virtual ~CertificateHandlerFactory();
+		/// Destroys the CertificateHandlerFactory.
+
+	virtual InvalidCertificateHandler* create(bool server) const = 0;
+		/// Creates a new InvalidCertificateHandler. Set server to true if the certificate handler is used on the server side.
+};
+
+
+class NetSSL_API CertificateHandlerFactoryRegistrar
+	/// Registrar class which automatically registers CertificateHandlerFactory at the CertificateHandlerFactoryMgr.
+	/// You don't need to access this class directly. Use the macro
+	///     POCO_REGISTER_CHFACTORY(namespace, InvalidCertificateHandlerName) 
+	/// instead (see the documentation of InvalidCertificateHandler for an example).
+{
+public:
+	CertificateHandlerFactoryRegistrar(const std::string& name, CertificateHandlerFactory* pFactory);
+		/// Registers the CertificateHandlerFactory with the given name at the factory manager.
+
+	virtual ~CertificateHandlerFactoryRegistrar();
+		/// Destroys the CertificateHandlerFactoryRegistrar.
+};
+
+
+template <typename T>
+class CertificateHandlerFactoryImpl: public Poco::Net::CertificateHandlerFactory
+{
+public:
+	CertificateHandlerFactoryImpl()
+	{
+	}
+
+	~CertificateHandlerFactoryImpl()
+	{
+	}
+
+	InvalidCertificateHandler* create(bool server) const
+	{
+		return new T(server);
+	}
+};
+
+
+} } // namespace Poco::Net
+
+
+// DEPRECATED: register the factory directly at the FactoryMgr:
+// Poco::Net::SSLManager::instance().certificateHandlerFactoryMgr().setFactory(name, new Poco::Net::CertificateHandlerFactoryImpl<MyConsoleHandler>());
+#define POCO_REGISTER_CHFACTORY(API, PKCLS)		\
+	static Poco::Net::CertificateHandlerFactoryRegistrar aRegistrar(std::string(#PKCLS), new Poco::Net::CertificateHandlerFactoryImpl<PKCLS>());
+
+
+#endif // NetSSL_CertificateHandlerFactory_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactoryMgr.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactoryMgr.h
new file mode 100644
index 0000000000..e70c9060b6
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactoryMgr.h
@@ -0,0 +1,64 @@
+//
+// CertificateHandlerFactoryMgr.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  CertificateHandlerFactoryMgr
+//
+// Definition of the CertificateHandlerFactoryMgr class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_CertificateHandlerFactoryMgr_INCLUDED
+#define NetSSL_CertificateHandlerFactoryMgr_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/CertificateHandlerFactory.h"
+#include "Poco/SharedPtr.h"
+#include <map>
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API CertificateHandlerFactoryMgr
+	/// A CertificateHandlerFactoryMgr manages all existing CertificateHandlerFactories.
+{
+public:
+	typedef std::map<std::string, Poco::SharedPtr<CertificateHandlerFactory> > FactoriesMap;
+	
+	CertificateHandlerFactoryMgr();
+		/// Creates the CertificateHandlerFactoryMgr.
+
+	~CertificateHandlerFactoryMgr();
+		/// Destroys the CertificateHandlerFactoryMgr.
+
+	void setFactory(const std::string& name, CertificateHandlerFactory* pFactory);
+		/// Registers the factory. Class takes ownership of the pointer.
+		/// If a factory with the same name already exists, an exception is thrown.
+
+	bool hasFactory(const std::string& name) const;
+		/// Returns true if for the given name a factory is already registered
+	
+	const CertificateHandlerFactory* getFactory(const std::string& name) const;
+		/// Returns NULL if for the given name a factory does not exist, otherwise the factory is returned
+
+	void removeFactory(const std::string& name);
+		/// Removes the factory from the manager. 
+
+private:
+	FactoriesMap _factories;
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_CertificateHandlerFactoryMgr_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/ConsoleCertificateHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/ConsoleCertificateHandler.h
new file mode 100644
index 0000000000..c58962c476
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/ConsoleCertificateHandler.h
@@ -0,0 +1,50 @@
+//
+// ConsoleCertificateHandler.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  ConsoleCertificateHandler
+//
+// Definition of the ConsoleCertificateHandler class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_ConsoleCertificateHandler_INCLUDED
+#define NetSSL_ConsoleCertificateHandler_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/InvalidCertificateHandler.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API ConsoleCertificateHandler: public InvalidCertificateHandler
+	/// A ConsoleCertificateHandler is invoked whenever an error occurs verifying the certificate.
+	/// 
+	/// The certificate is printed to stdout and the user is asked via console if he wants to accept it.
+{
+public:
+	ConsoleCertificateHandler(bool handleErrorsOnServerSide);
+		/// Creates the ConsoleCertificateHandler.
+
+	virtual ~ConsoleCertificateHandler();
+		/// Destroys the ConsoleCertificateHandler.
+
+	void onInvalidCertificate(const void* pSender, VerificationErrorArgs& errorCert);
+		/// Prints the certificate to stdout and waits for user input on the console
+		/// to decide if a certificate should be accepted/rejected.
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_ConsoleCertificateHandler_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Context.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Context.h
new file mode 100644
index 0000000000..d66328380d
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Context.h
@@ -0,0 +1,405 @@
+//
+// Context.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  Context
+//
+// Definition of the Context class.
+//
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_Context_INCLUDED
+#define NetSSL_Context_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/SocketDefs.h"
+#include "Poco/Crypto/X509Certificate.h"
+#include "Poco/Crypto/RSAKey.h"
+#include "Poco/RefCountedObject.h"
+#include "Poco/AutoPtr.h"
+#include <openssl/ssl.h>
+#include <cstdlib>
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API Context: public Poco::RefCountedObject
+	/// This class encapsulates context information for
+	/// an SSL server or client, such as the certificate
+	/// verification mode and the location of certificates
+	/// and private key files, as well as the list of
+	/// supported ciphers.
+	///
+	/// The Context class is also used to control
+	/// SSL session caching on the server and client side.
+{
+public:
+	typedef Poco::AutoPtr<Context> Ptr;
+
+	enum Usage
+	{
+		CLIENT_USE, 	    /// Context is used by a client.
+		SERVER_USE,         /// Context is used by a server.
+		TLSV1_CLIENT_USE,   /// Context is used by a client requiring TLSv1.
+		TLSV1_SERVER_USE,   /// Context is used by a server requiring TLSv1.
+		TLSV1_1_CLIENT_USE, /// Context is used by a client requiring TLSv1.1 (OpenSSL 1.0.0 or newer).
+		TLSV1_1_SERVER_USE, /// Context is used by a server requiring TLSv1.1 (OpenSSL 1.0.0 or newer).
+		TLSV1_2_CLIENT_USE, /// Context is used by a client requiring TLSv1.2 (OpenSSL 1.0.1 or newer).
+		TLSV1_2_SERVER_USE  /// Context is used by a server requiring TLSv1.2 (OpenSSL 1.0.1 or newer).
+	};
+
+	enum VerificationMode
+	{
+		VERIFY_NONE    = SSL_VERIFY_NONE,
+			/// Server: The server will not send a client certificate
+			/// request to the client, so the client will not send a certificate.
+			///
+			/// Client: If not using an anonymous cipher (by default disabled),
+			/// the server will send a certificate which will be checked, but
+			/// the result of the check will be ignored.
+
+		VERIFY_RELAXED = SSL_VERIFY_PEER,
+			/// Server: The server sends a client certificate request to the
+			/// client. The certificate returned (if any) is checked.
+			/// If the verification process fails, the TLS/SSL handshake is
+			/// immediately terminated with an alert message containing the
+			/// reason for the verification failure.
+			///
+			/// Client: The server certificate is verified, if one is provided.
+			/// If the verification process fails, the TLS/SSL handshake is
+			/// immediately terminated with an alert message containing the
+			/// reason for the verification failure.
+
+		VERIFY_STRICT  = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+			/// Server: If the client did not return a certificate, the TLS/SSL
+			/// handshake is immediately terminated with a handshake failure
+			/// alert.
+			///
+			/// Client: Same as VERIFY_RELAXED.
+
+		VERIFY_ONCE    = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE
+			/// Server: Only request a client certificate on the initial
+			/// TLS/SSL handshake. Do not ask for a client certificate
+			/// again in case of a renegotiation.
+			///
+			/// Client: Same as VERIFY_RELAXED.
+	};
+
+	enum Protocols
+	{
+		PROTO_SSLV2   = 0x01,
+		PROTO_SSLV3   = 0x02,
+		PROTO_TLSV1   = 0x04,
+		PROTO_TLSV1_1 = 0x08,
+		PROTO_TLSV1_2 = 0x10
+	};
+
+	struct NetSSL_API Params
+	{
+		Params();
+			/// Initializes the struct with default values.
+
+		std::string privateKeyFile;
+			/// Path to the private key file used for encryption.
+			/// Can be empty if no private key file is used.
+
+		std::string certificateFile;
+			/// Path to the certificate file (in PEM format).
+			/// If the private key and the certificate are stored in the same file, this
+			/// can be empty if privateKeyFile is given.
+
+		std::string caLocation;
+			/// Path to the file or directory containing the CA/root certificates.
+			/// Can be empty if the OpenSSL builtin CA certificates
+			/// are used (see loadDefaultCAs).
+
+		VerificationMode verificationMode;
+			/// Specifies whether and how peer certificates are validated.
+			/// Defaults to VERIFY_RELAXED.
+
+		int verificationDepth;
+			/// Sets the upper limit for verification chain sizes. Verification
+			/// will fail if a certificate chain larger than this is encountered.
+			/// Defaults to 9.
+
+		bool loadDefaultCAs;
+			/// Specifies whether the builtin CA certificates from OpenSSL are used.
+			/// Defaults to false.
+
+		std::string cipherList;
+			/// Specifies the supported ciphers in OpenSSL notation.
+			/// Defaults to "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH".
+
+		std::string dhParamsFile;
+			/// Specifies a file containing Diffie-Hellman parameters.
+			/// If empty, the default parameters are used.
+
+		std::string ecdhCurve;
+			/// Specifies the name of the curve to use for ECDH, based
+			/// on the curve names specified in RFC 4492.
+			/// Defaults to "prime256v1".
+	};
+
+	Context(Usage usage, const Params& params);
+		/// Creates a Context using the given parameters.
+		///
+		///   * usage specifies whether the context is used by a client or server.
+		///   * params specifies the context parameters.
+
+	Context(
+		Usage usage,
+		const std::string& privateKeyFile,
+		const std::string& certificateFile,
+		const std::string& caLocation,
+		VerificationMode verificationMode = VERIFY_RELAXED,
+		int verificationDepth = 9,
+		bool loadDefaultCAs = false,
+		const std::string& cipherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
+		/// Creates a Context.
+		///
+		///   * usage specifies whether the context is used by a client or server.
+		///   * privateKeyFile contains the path to the private key file used for encryption.
+		///     Can be empty if no private key file is used.
+		///   * certificateFile contains the path to the certificate file (in PEM format).
+		///     If the private key and the certificate are stored in the same file, this
+		///     can be empty if privateKeyFile is given.
+		///   * caLocation contains the path to the file or directory containing the
+		///     CA/root certificates. Can be empty if the OpenSSL builtin CA certificates
+		///     are used (see loadDefaultCAs).
+		///   * verificationMode specifies whether and how peer certificates are validated.
+		///   * verificationDepth sets the upper limit for verification chain sizes. Verification
+		///     will fail if a certificate chain larger than this is encountered.
+		///   * loadDefaultCAs specifies whether the builtin CA certificates from OpenSSL are used.
+		///   * cipherList specifies the supported ciphers in OpenSSL notation.
+		///
+		/// Note: If the private key is protected by a passphrase, a PrivateKeyPassphraseHandler
+		/// must have been setup with the SSLManager, or the SSLManager's PrivateKeyPassphraseRequired
+		/// event must be handled.
+
+	Context(
+		Usage usage,
+		const std::string& caLocation,
+		VerificationMode verificationMode = VERIFY_RELAXED,
+		int verificationDepth = 9,
+		bool loadDefaultCAs = false,
+		const std::string& cipherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
+		/// Creates a Context.
+		///
+		///   * usage specifies whether the context is used by a client or server.
+		///   * caLocation contains the path to the file or directory containing the
+		///     CA/root certificates. Can be empty if the OpenSSL builtin CA certificates
+		///     are used (see loadDefaultCAs).
+		///   * verificationMode specifies whether and how peer certificates are validated.
+		///   * verificationDepth sets the upper limit for verification chain sizes. Verification
+		///     will fail if a certificate chain larger than this is encountered.
+		///   * loadDefaultCAs specifies whether the builtin CA certificates from OpenSSL are used.
+		///   * cipherList specifies the supported ciphers in OpenSSL notation.
+		///
+		/// Note that a private key and/or certificate must be specified with
+		/// usePrivateKey()/useCertificate() before the Context can be used.
+
+	~Context();
+		/// Destroys the Context.
+
+	void useCertificate(const Poco::Crypto::X509Certificate& certificate);
+		/// Sets the certificate to be used by the Context.
+		///
+		/// To set-up a complete certificate chain, it might be
+		/// necessary to call addChainCertificate() to specify
+		/// additional certificates.
+		///
+		/// Note that useCertificate() must always be called before
+		/// usePrivateKey().
+
+	void addChainCertificate(const Poco::Crypto::X509Certificate& certificate);
+		/// Adds a certificate for certificate chain validation.
+
+	void addCertificateAuthority(const Poco::Crypto::X509Certificate& certificate);
+		/// Add one trusted certification authority to be used by the Context.
+
+	void usePrivateKey(const Poco::Crypto::RSAKey& key);
+		/// Sets the private key to be used by the Context.
+		///
+		/// Note that useCertificate() must always be called before
+		/// usePrivateKey().
+		///
+		/// Note: If the private key is protected by a passphrase, a PrivateKeyPassphraseHandler
+		/// must have been setup with the SSLManager, or the SSLManager's PrivateKeyPassphraseRequired
+		/// event must be handled.
+
+	SSL_CTX* sslContext() const;
+		/// Returns the underlying OpenSSL SSL Context object.
+
+	Usage usage() const;
+		/// Returns whether the context is for use by a client or by a server
+		/// and whether TLSv1 is required.
+
+	bool isForServerUse() const;
+		/// Returns true iff the context is for use by a server.
+
+	Context::VerificationMode verificationMode() const;
+		/// Returns the verification mode.
+
+	void enableSessionCache(bool flag = true);
+		/// Enable or disable SSL/TLS session caching.
+		/// For session caching to work, it must be enabled
+		/// on the server, as well as on the client side.
+		///
+		/// The default is disabled session caching.
+		///
+		/// To enable session caching on the server side, use the
+		/// two-argument version of this method to specify
+		/// a session ID context.
+
+	void enableSessionCache(bool flag, const std::string& sessionIdContext);
+		/// Enables or disables SSL/TLS session caching on the server.
+		/// For session caching to work, it must be enabled
+		/// on the server, as well as on the client side.
+		///
+		/// SessionIdContext contains the application's unique
+		/// session ID context, which becomes part of each
+		/// session identifier generated by the server within this
+		/// context. SessionIdContext can be an arbitrary sequence
+		/// of bytes with a maximum length of SSL_MAX_SSL_SESSION_ID_LENGTH.
+		///
+		/// A non-empty sessionIdContext should be specified even if
+		/// session caching is disabled to avoid problems with clients
+		/// requesting to reuse a session (e.g. Firefox 3.6).
+		///
+		/// This method may only be called on SERVER_USE Context objects.
+
+	bool sessionCacheEnabled() const;
+		/// Returns true iff the session cache is enabled.
+
+	void setSessionCacheSize(std::size_t size);
+		/// Sets the maximum size of the server session cache, in number of
+		/// sessions. The default size (according to OpenSSL documentation)
+		/// is 1024*20, which may be too large for many applications,
+		/// especially on embedded platforms with limited memory.
+		///
+		/// Specifying a size of 0 will set an unlimited cache size.
+		///
+		/// This method may only be called on SERVER_USE Context objects.
+
+	std::size_t getSessionCacheSize() const;
+		/// Returns the current maximum size of the server session cache.
+		///
+		/// This method may only be called on SERVER_USE Context objects.
+
+	void setSessionTimeout(long seconds);
+		/// Sets the timeout (in seconds) of cached sessions on the server.
+		/// A cached session will be removed from the cache if it has
+		/// not been used for the given number of seconds.
+		///
+		/// This method may only be called on SERVER_USE Context objects.
+
+	long getSessionTimeout() const;
+		/// Returns the timeout (in seconds) of cached sessions on the server.
+		///
+		/// This method may only be called on SERVER_USE Context objects.
+
+	void flushSessionCache();
+		/// Flushes the SSL session cache on the server.
+		///
+		/// This method may only be called on SERVER_USE Context objects.
+
+	void enableExtendedCertificateVerification(bool flag = true);
+		/// Enable or disable the automatic post-connection
+		/// extended certificate verification.
+		///
+		/// See X509Certificate::verify() for more information.
+
+	bool extendedCertificateVerificationEnabled() const;
+		/// Returns true iff automatic extended certificate
+		/// verification is enabled.
+
+	void disableStatelessSessionResumption();
+		/// Newer versions of OpenSSL support RFC 4507 tickets for stateless
+		/// session resumption.
+		///
+		/// The feature can be disabled by calling this method.
+
+	void disableProtocols(int protocols);
+		/// Disables the given protocols.
+		///
+		/// The protocols to be disabled are specified by OR-ing
+		/// values from the Protocols enumeration, e.g.:
+		///
+		///   context.disableProtocols(PROTO_SSLV2 | PROTO_SSLV3);
+
+	void preferServerCiphers();
+		/// When choosing a cipher, use the server's preferences instead of the client
+		/// preferences. When not called, the SSL server will always follow the clients
+		/// preferences. When called, the SSL/TLS server will choose following its own
+		/// preferences.
+
+private:
+	void init(const Params& params);
+		/// Initializes the Context with the given parameters.
+
+	void initDH(const std::string& dhFile);
+		/// Initializes the Context with Diffie-Hellman parameters.
+
+	void initECDH(const std::string& curve);
+		/// Initializes the Context with Elliptic-Curve Diffie-Hellman key
+		/// exchange curve parameters.
+
+	void createSSLContext();
+		/// Create a SSL_CTX object according to Context configuration.
+
+	Usage _usage;
+	VerificationMode _mode;
+	SSL_CTX* _pSSLContext;
+	bool _extendedCertificateVerification;
+};
+
+
+//
+// inlines
+//
+inline Context::Usage Context::usage() const
+{
+	return _usage;
+}
+
+
+inline bool Context::isForServerUse() const
+{
+	return _usage == SERVER_USE
+		|| _usage == TLSV1_SERVER_USE
+		|| _usage == TLSV1_1_SERVER_USE
+		|| _usage == TLSV1_2_SERVER_USE;
+}
+
+
+inline Context::VerificationMode Context::verificationMode() const
+{
+	return _mode;
+}
+
+
+inline SSL_CTX* Context::sslContext() const
+{
+	return _pSSLContext;
+}
+
+
+inline bool Context::extendedCertificateVerificationEnabled() const
+{
+	return _extendedCertificateVerification;
+}
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_Context_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSClientSession.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSClientSession.h
new file mode 100644
index 0000000000..ff0d89994c
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSClientSession.h
@@ -0,0 +1,165 @@
+//
+// HTTPSClientSession.h
+//
+// Library: NetSSL_OpenSSL
+// Package: HTTPSClient
+// Module:  HTTPSClientSession
+//
+// Definition of the HTTPSClientSession class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_HTTPSClientSession_INCLUDED
+#define NetSSL_HTTPSClientSession_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/Utility.h"
+#include "Poco/Net/HTTPClientSession.h"
+#include "Poco/Net/Context.h"
+#include "Poco/Net/Session.h"
+#include "Poco/Net/X509Certificate.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class SecureStreamSocket;
+class HTTPRequest;
+class HTTPResponse;
+
+
+class NetSSL_API HTTPSClientSession: public HTTPClientSession
+	/// This class implements the client-side of
+	/// a HTTPS session.
+	///
+	/// To send a HTTPS request to a HTTPS server, first
+	/// instantiate a HTTPSClientSession object and
+	/// specify the server's host name and port number.
+	///
+	/// Then create a HTTPRequest object, fill it accordingly,
+	/// and pass it as argument to the sendRequest() method.
+	///
+	/// sendRequest() will return an output stream that can
+	/// be used to send the request body, if there is any.
+	///
+	/// After you are done sending the request body, create
+	/// a HTTPResponse object and pass it to receiveResponse().
+	///
+	/// This will return an input stream that can be used to
+	/// read the response body.
+	///
+	/// See RFC 2616 <http://www.faqs.org/rfcs/rfc2616.html> for more
+	/// information about the HTTP protocol.
+	///
+	/// Note that sending requests that neither contain a content length
+	/// field in the header nor are using chunked transfer encoding will
+	/// result in a SSL protocol violation, as the framework shuts down
+	/// the socket after sending the message body. No orderly SSL shutdown
+	/// will be performed in this case.
+	///
+	/// If session caching has been enabled for the Context object passed
+	/// to the HTTPSClientSession, the HTTPSClientSession class will
+	/// attempt to reuse a previously obtained Session object in
+	/// case of a reconnect.
+{
+public:
+	enum
+	{
+		HTTPS_PORT = 443
+	};
+	
+	HTTPSClientSession();
+		/// Creates an unconnected HTTPSClientSession.
+
+	explicit HTTPSClientSession(const SecureStreamSocket& socket);
+		/// Creates a HTTPSClientSession using the given socket.
+		/// The socket must not be connected. The session
+		/// takes ownership of the socket.
+
+	HTTPSClientSession(const SecureStreamSocket& socket, Session::Ptr pSession);
+		/// Creates a HTTPSClientSession using the given socket.
+		/// The socket must not be connected. The session
+		/// takes ownership of the socket.
+		///
+		/// The given Session is reused, if possible (client session
+		/// caching is enabled for the given Context, and the server
+		/// agrees to reuse the session).
+
+	HTTPSClientSession(const std::string& host, Poco::UInt16 port = HTTPS_PORT);
+		/// Creates a HTTPSClientSession using the given host and port.
+
+	explicit HTTPSClientSession(Context::Ptr pContext);
+		/// Creates an unconnected HTTPSClientSession, using the
+		/// give SSL context.
+
+	HTTPSClientSession(Context::Ptr pContext, Session::Ptr pSession);
+		/// Creates an unconnected HTTPSClientSession, using the
+		/// give SSL context.
+		///
+		/// The given Session is reused, if possible (client session
+		/// caching is enabled for the given Context, and the server
+		/// agrees to reuse the session).
+
+	HTTPSClientSession(const std::string& host, Poco::UInt16 port, Context::Ptr pContext);
+		/// Creates a HTTPSClientSession using the given host and port,
+		/// using the given SSL context.
+
+	HTTPSClientSession(const std::string& host, Poco::UInt16 port, Context::Ptr pContext, Session::Ptr pSession);
+		/// Creates a HTTPSClientSession using the given host and port,
+		/// using the given SSL context.
+		///
+		/// The given Session is reused, if possible (client session
+		/// caching is enabled for the given Context, and the server
+		/// agrees to reuse the session).
+
+	~HTTPSClientSession();
+		/// Destroys the HTTPSClientSession and closes
+		/// the underlying socket.
+	
+	bool secure() const;
+		/// Return true iff the session uses SSL or TLS,
+		/// or false otherwise.
+		
+	X509Certificate serverCertificate();
+		/// Returns the server's certificate.
+		///
+		/// The certificate is available after the first request has been sent.
+		
+	Session::Ptr sslSession();
+		/// Returns the SSL Session object for the current 
+		/// connection, if session caching has been enabled for
+		/// the HTTPSClientSession's Context. A null pointer is 
+		/// returned otherwise.
+		///
+		/// The Session object can be obtained after the first request has
+		/// been sent.
+		
+	// HTTPSession
+	void abort();
+
+protected:
+	void connect(const SocketAddress& address);
+	std::string proxyRequestPrefix() const;
+	void proxyAuthenticate(HTTPRequest& request);
+	int read(char* buffer, std::streamsize length);
+
+private:
+	HTTPSClientSession(const HTTPSClientSession&);
+	HTTPSClientSession& operator = (const HTTPSClientSession&);
+	
+	Context::Ptr _pContext;
+	Session::Ptr _pSession;
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // Net_HTTPSClientSession_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSSessionInstantiator.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSSessionInstantiator.h
new file mode 100644
index 0000000000..214e2819b6
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSSessionInstantiator.h
@@ -0,0 +1,65 @@
+//
+// HTTPSSessionInstantiator.h
+//
+// Library: NetSSL_OpenSSL
+// Package: HTTPSClient
+// Module:  HTTPSSessionInstantiator
+//
+// Definition of the HTTPSSessionInstantiator class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef Net_HTTPSSessionInstantiator_INCLUDED
+#define Net_HTTPSSessionInstantiator_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/Context.h"
+#include "Poco/Net/Utility.h"
+#include "Poco/Net/HTTPSessionInstantiator.h"
+#include "Poco/URI.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API HTTPSSessionInstantiator: public HTTPSessionInstantiator
+	/// The HTTPSessionInstantiator for HTTPSClientSession.
+{
+public:
+	HTTPSSessionInstantiator();
+		/// Creates the HTTPSSessionInstantiator.
+
+	HTTPSSessionInstantiator(Context::Ptr pContext);
+		/// Creates the HTTPSSessionInstantiator using the given SSL context.
+
+	~HTTPSSessionInstantiator();
+		/// Destroys the HTTPSSessionInstantiator.
+
+	HTTPClientSession* createClientSession(const Poco::URI& uri);
+		/// Creates a HTTPSClientSession for the given URI.
+
+	static void registerInstantiator();
+		/// Registers the instantiator with the global HTTPSessionFactory.
+
+	static void registerInstantiator(Context::Ptr pContext);
+		/// Registers the instantiator with the global HTTPSessionFactory using the given SSL context.
+
+	static void unregisterInstantiator();
+		/// Unregisters the factory with the global HTTPSessionFactory.
+
+private:
+	Context::Ptr _pContext;
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // Net_HTTPSSessionInstantiator_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSStreamFactory.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSStreamFactory.h
new file mode 100644
index 0000000000..2fd3515c88
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSStreamFactory.h
@@ -0,0 +1,83 @@
+//
+// HTTPSStreamFactory.h
+//
+// Library: NetSSL_OpenSSL
+// Package: HTTPSClient
+// Module:  HTTPSStreamFactory
+//
+// Definition of the HTTPSStreamFactory class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_HTTPSStreamFactory_INCLUDED
+#define NetSSL_HTTPSStreamFactory_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/HTTPSession.h"
+#include "Poco/URIStreamFactory.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API HTTPSStreamFactory: public Poco::URIStreamFactory
+	/// An implementation of the URIStreamFactory interface
+	/// that handles secure Hyper-Text Transfer Protocol (https) URIs.
+{
+public:
+	HTTPSStreamFactory();
+		/// Creates the HTTPSStreamFactory.
+
+	HTTPSStreamFactory(const std::string& proxyHost, Poco::UInt16 proxyPort = HTTPSession::HTTP_PORT);
+		/// Creates the HTTPSStreamFactory.
+		///
+		/// HTTPS connections will use the given proxy.
+
+	HTTPSStreamFactory(const std::string& proxyHost, Poco::UInt16 proxyPort, const std::string& proxyUsername, const std::string& proxyPassword);
+		/// Creates the HTTPSStreamFactory.
+		///
+		/// HTTPS connections will use the given proxy and
+		/// will be authorized against the proxy using Basic authentication
+		/// with the given proxyUsername and proxyPassword.
+
+	~HTTPSStreamFactory();
+		/// Destroys the HTTPSStreamFactory.
+		
+	std::istream* open(const Poco::URI& uri);
+		/// Creates and opens a HTTPS stream for the given URI.
+		/// The URI must be a https://... URI.
+		///
+		/// Throws a NetException if anything goes wrong.
+		
+	static void registerFactory();
+		/// Registers the HTTPSStreamFactory with the
+		/// default URIStreamOpener instance.	
+
+	static void unregisterFactory();
+		/// Unregisters the HTTPSStreamFactory with the
+		/// default URIStreamOpener instance.	
+		
+private:
+	enum
+	{
+		MAX_REDIRECTS = 10
+	};
+	
+	std::string  _proxyHost;
+	Poco::UInt16 _proxyPort;
+	std::string  _proxyUsername;
+	std::string  _proxyPassword;
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // Net_HTTPSStreamFactory_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/InvalidCertificateHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/InvalidCertificateHandler.h
new file mode 100644
index 0000000000..e10faf3cdb
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/InvalidCertificateHandler.h
@@ -0,0 +1,80 @@
+//
+// InvalidCertificateHandler.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  InvalidCertificateHandler
+//
+// Definition of the InvalidCertificateHandler class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_InvalidCertificateHandler_INCLUDED
+#define NetSSL_InvalidCertificateHandler_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/VerificationErrorArgs.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API InvalidCertificateHandler
+	/// A InvalidCertificateHandler is invoked whenever an error occurs verifying the certificate. It allows the user
+	/// to inspect and accept/reject the certificate.
+	/// One can install one's own InvalidCertificateHandler by implementing this interface. Note that
+	/// in the implementation file of the subclass the following code must be present (assuming you use the namespace My_API 
+	/// and the name of your handler class is MyGuiHandler):
+	///    
+	///    #include "Poco/Net/CertificateHandlerFactory.h"
+	///    ...
+	///    POCO_REGISTER_CHFACTORY(My_API, MyGuiHandler)
+	///
+	/// One can either set the handler directly in the startup code of the main method of ones application by calling
+	///
+	///    SSLManager::instance().initialize(mypassphraseHandler, myguiHandler, mySSLContext)
+	///
+	/// or in case one uses Poco::Util::Application one can rely on an XML configuration and put the following entry
+	/// under the path openSSL.invalidCertificateHandler:
+	///    
+	///    <invalidCertificateHandler>
+	///        <name>MyGuiHandler<name>
+	///        <options>
+	///            [...] // Put optional config params for the handler here
+	///        </options>
+	///    </invalidCertificateHandler>
+	///
+	/// Note that the name of the InvalidCertificateHandler must be same as the one provided to the POCO_REGISTER_CHFACTORY macro.
+{
+public:
+	InvalidCertificateHandler(bool handleErrorsOnServerSide);
+		/// Creates the InvalidCertificateHandler.
+		/// 
+		/// Set handleErrorsOnServerSide to true if the certificate handler is used on the server side.
+		/// Automatically registers at one of the SSLManager::VerificationError events.
+
+	virtual ~InvalidCertificateHandler();
+		/// Destroys the InvalidCertificateHandler.
+
+	virtual void onInvalidCertificate(const void* pSender, VerificationErrorArgs& errorCert) = 0;
+		/// Receives the questionable certificate in parameter errorCert. If one wants to accept the
+		/// certificate, call errorCert.setIgnoreError(true).
+
+protected:
+	bool _handleErrorsOnServerSide;
+		/// Stores if the certificate handler gets invoked by the server (i.e. a client certificate is wrong)
+		/// or the client (a server certificate is wrong)
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_InvalidCertificateHandler_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyConsoleHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyConsoleHandler.h
new file mode 100644
index 0000000000..d9483d78e0
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyConsoleHandler.h
@@ -0,0 +1,47 @@
+//
+// KeyConsoleHandler.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  KeyConsoleHandler
+//
+// Definition of the KeyConsoleHandler class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_KeyConsoleHandler_INCLUDED
+#define NetSSL_KeyConsoleHandler_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/PrivateKeyPassphraseHandler.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API KeyConsoleHandler: public PrivateKeyPassphraseHandler
+	/// An implementation of PrivateKeyPassphraseHandler that
+	/// reads the key for a certificate from the console.
+{
+public:
+	KeyConsoleHandler(bool server);
+		/// Creates the KeyConsoleHandler.
+
+	~KeyConsoleHandler();
+		/// Destroys the KeyConsoleHandler.
+
+	void onPrivateKeyRequested(const void* pSender, std::string& privateKey);
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_KeyConsoleHandler_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyFileHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyFileHandler.h
new file mode 100644
index 0000000000..274cdbff59
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyFileHandler.h
@@ -0,0 +1,51 @@
+//
+// KeyFileHandler.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  KeyFileHandler
+//
+// Definition of the KeyFileHandler class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_KeyFileHandler_INCLUDED
+#define NetSSL_KeyFileHandler_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/PrivateKeyPassphraseHandler.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API KeyFileHandler: public PrivateKeyPassphraseHandler
+	/// An implementation of PrivateKeyPassphraseHandler that 
+	/// reads the key for a certificate from a configuration file
+	/// under the path "openSSL.privateKeyPassphraseHandler.options.password".
+{
+public:
+	KeyFileHandler(bool server);
+		/// Creates the KeyFileHandler.
+
+	virtual ~KeyFileHandler();
+		/// Destroys the KeyFileHandler.
+
+	void onPrivateKeyRequested(const void* pSender, std::string& privateKey);
+
+private:
+	static const std::string CFG_PRIV_KEY_FILE;
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_KeyFileHandler_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/NetSSL.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/NetSSL.h
new file mode 100644
index 0000000000..ae793fde93
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/NetSSL.h
@@ -0,0 +1,94 @@
+//
+// NetSSL.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  OpenSSL
+//
+// Basic definitions for the Poco OpenSSL library.
+// This file must be the first file included by every other OpenSSL
+// header file.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_NetSSL_INCLUDED
+#define NetSSL_NetSSL_INCLUDED
+
+
+#include "Poco/Net/Net.h"
+#include "Poco/Crypto/Crypto.h"
+
+
+//
+// The following block is the standard way of creating macros which make exporting
+// from a DLL simpler. All files within this DLL are compiled with the NetSSL_EXPORTS
+// symbol defined on the command line. this symbol should not be defined on any project
+// that uses this DLL. This way any other project whose source files include this file see
+// NetSSL_API functions as being imported from a DLL, wheras this DLL sees symbols
+// defined with this macro as being exported.
+//
+#if (defined(_WIN32) || defined(__CYGWIN__)) && defined(POCO_DLL)
+	#if defined(NetSSL_EXPORTS)
+		#define NetSSL_API __declspec(dllexport)
+	#else
+		#define NetSSL_API __declspec(dllimport)
+	#endif
+#endif
+
+
+#if !defined(NetSSL_API)
+	#if !defined(POCO_NO_GCC_API_ATTRIBUTE) && defined (__GNUC__) && (__GNUC__ >= 4)
+		#define NetSSL_API __attribute__ ((visibility ("default")))
+	#else
+		#define NetSSL_API
+	#endif
+#endif
+
+
+//
+// Automatically link NetSSL and OpenSSL libraries.
+//
+#if defined(_MSC_VER)
+	#if !defined(POCO_NO_AUTOMATIC_LIBS)
+		#if !defined(NetSSL_EXPORTS)
+			#pragma comment(lib, "PocoNetSSL" POCO_LIB_SUFFIX)
+		#endif
+	#endif // POCO_NO_AUTOMATIC_LIBS
+#endif
+
+
+namespace Poco {
+namespace Net {
+
+
+void NetSSL_API initializeSSL();
+	/// Initialize the NetSSL library, as well as the underlying OpenSSL
+	/// libraries, by calling Poco::Crypto::OpenSSLInitializer::initialize().
+	///
+	/// Should be called before using any class from the NetSSL library.
+	/// The NetSSL will be initialized automatically, through 
+	/// Poco::Crypto::OpenSSLInitializer instances or similar mechanisms
+	/// when creating Context or SSLManager instances.
+	/// However, it is recommended to call initializeSSL()
+	/// in any case at application startup.
+	///
+	/// Can be called multiple times; however, for every call to
+	/// initializeSSL(), a matching call to uninitializeSSL()
+	/// must be performed.
+	
+
+void NetSSL_API uninitializeSSL();
+	/// Uninitializes the NetSSL library by calling 
+	/// Poco::Crypto::OpenSSLInitializer::uninitialize() and
+	/// shutting down the SSLManager.
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_NetSSL_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactory.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactory.h
new file mode 100644
index 0000000000..9c0fa37faa
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactory.h
@@ -0,0 +1,95 @@
+//
+// PrivateKeyFactory.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  PrivateKeyFactory
+//
+// Definition of the PrivateKeyFactory class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_PrivateKeyFactory_INCLUDED
+#define NetSSL_PrivateKeyFactory_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class PrivateKeyPassphraseHandler;
+
+
+class NetSSL_API PrivateKeyFactory
+	/// A PrivateKeyFactory is responsible for creating PrivateKeyPassphraseHandlers.
+	///
+	/// You don't need to access this class directly. Use the macro
+	///     POCO_REGISTER_KEYFACTORY(namespace, PrivateKeyPassphraseHandlerName) 
+	/// instead (see the documentation of PrivateKeyPassphraseHandler for an example).
+{
+public:
+	PrivateKeyFactory();
+		/// Creates the PrivateKeyFactory.
+
+	virtual ~PrivateKeyFactory();
+		/// Destroys the PrivateKeyFactory.
+
+	virtual PrivateKeyPassphraseHandler* create(bool onServer) const = 0;
+		/// Creates a new PrivateKeyPassphraseHandler
+};
+
+
+class NetSSL_API PrivateKeyFactoryRegistrar
+	/// Registrar class which automatically registers PrivateKeyFactories at the PrivateKeyFactoryMgr.
+	///
+	/// You don't need to access this class directly. Use the macro
+	///     POCO_REGISTER_KEYFACTORY(namespace, PrivateKeyPassphraseHandlerName) 
+	/// instead (see the documentation of PrivateKeyPassphraseHandler for an example).
+
+{
+public:
+	PrivateKeyFactoryRegistrar(const std::string& name, PrivateKeyFactory* pFactory);
+		/// Registers the PrivateKeyFactory with the given name at the factory manager.
+
+	virtual ~PrivateKeyFactoryRegistrar();
+		/// Destroys the PrivateKeyFactoryRegistrar.
+};
+
+
+template<typename T>
+class PrivateKeyFactoryImpl: public Poco::Net::PrivateKeyFactory
+{
+public:
+	PrivateKeyFactoryImpl()
+	{
+	}
+
+	~PrivateKeyFactoryImpl()
+	{
+	}
+
+	PrivateKeyPassphraseHandler* create(bool server) const
+	{
+		return new T(server);
+	}
+};
+
+
+} } // namespace Poco::Net
+
+
+// DEPRECATED: register the factory directly at the FactoryMgr:
+// Poco::Net::SSLManager::instance().privateKeyFactoryMgr().setFactory(name, new Poco::Net::PrivateKeyFactoryImpl<MyKeyHandler>());
+#define POCO_REGISTER_KEYFACTORY(API, PKCLS)	\
+	static Poco::Net::PrivateKeyFactoryRegistrar aRegistrar(std::string(#PKCLS), new Poco::Net::PrivateKeyFactoryImpl<PKCLS>());
+
+
+#endif // NetSSL_PrivateKeyFactory_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactoryMgr.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactoryMgr.h
new file mode 100644
index 0000000000..b29b37f46a
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactoryMgr.h
@@ -0,0 +1,64 @@
+//
+// PrivateKeyFactoryMgr.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  PrivateKeyFactoryMgr
+//
+// Definition of the PrivateKeyFactoryMgr class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_PrivateKeyFactoryMgr_INCLUDED
+#define NetSSL_PrivateKeyFactoryMgr_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/PrivateKeyFactory.h"
+#include "Poco/SharedPtr.h"
+#include <map>
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API PrivateKeyFactoryMgr
+	/// A PrivateKeyFactoryMgr manages all existing PrivateKeyFactories.
+{
+public:
+	typedef std::map<std::string, Poco::SharedPtr<PrivateKeyFactory> > FactoriesMap;
+	
+	PrivateKeyFactoryMgr();
+		/// Creates the PrivateKeyFactoryMgr.
+
+	~PrivateKeyFactoryMgr();
+		/// Destroys the PrivateKeyFactoryMgr.
+
+	void setFactory(const std::string& name, PrivateKeyFactory* pFactory);
+		/// Registers the factory. Class takes ownership of the pointer.
+		/// If a factory with the same name already exists, an exception is thrown.
+
+	bool hasFactory(const std::string& name) const;
+		/// Returns true if for the given name a factory is already registered
+	
+	const PrivateKeyFactory* getFactory(const std::string& name) const;
+		/// Returns NULL if for the given name a factory does not exist, otherwise the factory is returned
+
+	void removeFactory(const std::string& name);
+		/// Removes the factory from the manager. 
+
+private:
+	FactoriesMap _factories;
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_PrivateKeyFactoryMgr_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyPassphraseHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyPassphraseHandler.h
new file mode 100644
index 0000000000..726703f78f
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyPassphraseHandler.h
@@ -0,0 +1,84 @@
+//
+// PrivateKeyPassphraseHandler.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  PrivateKeyPassphraseHandler
+//
+// Definition of the PrivateKeyPassphraseHandler class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_PrivateKeyPassphraseHandler_INCLUDED
+#define NetSSL_PrivateKeyPassphraseHandler_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API PrivateKeyPassphraseHandler
+	/// A passphrase handler is needed whenever the private key of a certificate is loaded and the certificate is protected
+	/// by a passphrase. The PrivateKeyPassphraseHandler's task is to provide that passphrase.
+	/// One can install one's own PrivateKeyPassphraseHandler by implementing this interface. Note that
+	/// in the implementation file of the subclass the following code must be present (assuming you use the namespace My_API 
+	/// and the name of your handler class is MyGuiHandler):
+	///    
+	///    #include "Poco/Net/PrivateKeyFactory.h"
+	///    ...
+	///    POCO_REGISTER_KEYFACTORY(My_API, MyGuiHandler)
+	///
+	/// One can either set the handler directly in the startup code of the main method of ones application by calling
+	///
+	///    SSLManager::instance().initialize(myguiHandler, myInvalidCertificateHandler, mySSLContext)
+	///
+	/// or in case one's application extends Poco::Util::Application one can use an XML configuration and put the following entry
+	/// under the path openSSL.privateKeyPassphraseHandler:
+	///    
+	///    <privateKeyPassphraseHandler>
+	///        <name>MyGuiHandler</name>
+	///        <options>
+	///            [...] // Put optional config params for the handler here
+	///        </options>
+	///    </privateKeyPassphraseHandler>
+	///
+	/// Note that the name of the passphrase handler must be same as the one provided to the POCO_REGISTER_KEYFACTORY macro.
+{
+public:
+	PrivateKeyPassphraseHandler(bool onServerSide);
+		/// Creates the PrivateKeyPassphraseHandler. Automatically registers at the SSLManager::PrivateKeyPassword event.
+
+	virtual ~PrivateKeyPassphraseHandler();
+		/// Destroys the PrivateKeyPassphraseHandler.
+
+	virtual void onPrivateKeyRequested(const void* pSender, std::string& privateKey) = 0;
+		/// Returns the requested private key in the parameter privateKey.
+
+	bool serverSide() const;
+
+private:
+	bool _serverSide;
+};
+
+
+//
+// inlines
+//
+inline bool PrivateKeyPassphraseHandler::serverSide() const
+{
+	return _serverSide;
+}
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_PrivateKeyPassphraseHandler_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/RejectCertificateHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/RejectCertificateHandler.h
new file mode 100644
index 0000000000..b170ad50b5
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/RejectCertificateHandler.h
@@ -0,0 +1,48 @@
+//
+// RejectCertificateHandler.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  RejectCertificateHandler
+//
+// Definition of the RejectCertificateHandler class.
+//
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_RejectCertificateHandler_INCLUDED
+#define NetSSL_RejectCertificateHandler_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/InvalidCertificateHandler.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API RejectCertificateHandler: public InvalidCertificateHandler
+	/// A RejectCertificateHandler is invoked whenever an error 
+	/// occurs verifying the certificate. It always rejects
+	/// the certificate.
+{
+public:
+	RejectCertificateHandler(bool handleErrorsOnServerSide);
+		/// Creates the RejectCertificateHandler
+
+	virtual ~RejectCertificateHandler();
+		/// Destroys the RejectCertificateHandler.
+
+	void onInvalidCertificate(const void* pSender, VerificationErrorArgs& errorCert);
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_RejectCertificateHandler_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLException.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLException.h
new file mode 100644
index 0000000000..7b8dfe79d3
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLException.h
@@ -0,0 +1,39 @@
+//
+// SSLException.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  SSLException
+//
+// Definition of the SSLException class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_SSLException_INCLUDED
+#define NetSSL_SSLException_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/NetException.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+POCO_DECLARE_EXCEPTION(NetSSL_API, SSLException, NetException)
+POCO_DECLARE_EXCEPTION(NetSSL_API, SSLContextException, SSLException)
+POCO_DECLARE_EXCEPTION(NetSSL_API, InvalidCertificateException, SSLException)
+POCO_DECLARE_EXCEPTION(NetSSL_API, CertificateValidationException, SSLException)
+POCO_DECLARE_EXCEPTION(NetSSL_API, SSLConnectionUnexpectedlyClosedException, SSLException)
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_SSLException_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h
new file mode 100644
index 0000000000..6d0f469295
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h
@@ -0,0 +1,390 @@
+//
+// SSLManager.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  SSLManager
+//
+// Definition of the SSLManager class.
+//
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_SSLManager_INCLUDED
+#define NetSSL_SSLManager_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/VerificationErrorArgs.h"
+#include "Poco/Net/Context.h"
+#include "Poco/Net/PrivateKeyFactoryMgr.h"
+#include "Poco/Net/CertificateHandlerFactoryMgr.h"
+#include "Poco/Net/InvalidCertificateHandler.h"
+#include "Poco/Util/AbstractConfiguration.h"
+#include "Poco/BasicEvent.h"
+#include "Poco/SharedPtr.h"
+#include "Poco/Mutex.h"
+#include <openssl/ssl.h>
+#if defined(OPENSSL_FIPS) && OPENSSL_VERSION_NUMBER < 0x010001000L
+#include <openssl/fips.h>
+#endif
+
+
+namespace Poco {
+namespace Net {
+
+
+class Context;
+
+
+class NetSSL_API SSLManager
+	/// SSLManager is a singleton for holding the default server/client
+	/// Context and handling callbacks for certificate verification errors
+	/// and private key passphrases.
+	///
+	/// Proper initialization of SSLManager is critical.
+	///
+	/// SSLManager can be initialized manually, by calling initializeServer()
+	/// and/or initializeClient(), or initialization can be automatic. In the latter
+	/// case, a Poco::Util::Application instance must be available and the required
+	/// configuration properties must be set (see below).
+	///
+	/// Note that manual initialization must happen very early in the application,
+	/// before defaultClientContext() or defaultServerContext() are called.
+	///
+	/// If defaultClientContext() and defaultServerContext() are never called
+	/// in an application, initialization of SSLManager can be omitted.
+	/// However, in this case, delegates for the ServerVerificationError,
+	/// ClientVerificationError and PrivateKeyPassphraseRequired events
+	/// must be registered.
+	///
+	/// An exemplary documentation which sets either the server or client default context and creates
+	/// a PrivateKeyPassphraseHandler that reads the password from the XML file looks like this:
+	///
+	///    <AppConfig>
+	///       <openSSL>
+	///          <server|client>
+	///            <privateKeyFile>mycert.key</privateKeyFile>
+	///            <certificateFile>mycert.crt</certificateFile>
+	///            <caConfig>rootcert.pem</caConfig>
+	///            <verificationMode>none|relaxed|strict|once</verificationMode>
+	///            <verificationDepth>1..9</verificationDepth>
+	///            <loadDefaultCAFile>true|false</loadDefaultCAFile>
+	///            <cipherList>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</cipherList>
+	///            <preferServerCiphers>true|false</preferServerCiphers>
+	///            <privateKeyPassphraseHandler>
+	///                <name>KeyFileHandler</name>
+	///                <options>
+	///                    <password>test</password>
+	///                </options>
+	///            </privateKeyPassphraseHandler>
+	///            <invalidCertificateHandler>
+	///                 <name>ConsoleCertificateHandler</name>
+	///            </invalidCertificateHandler>
+	///            <cacheSessions>true|false</cacheSessions>
+	///            <sessionIdContext>someString</sessionIdContext> <!-- server only -->
+	///            <sessionCacheSize>0..n</sessionCacheSize>       <!-- server only -->
+	///            <sessionTimeout>0..n</sessionTimeout>           <!-- server only -->
+	///            <extendedVerification>true|false</extendedVerification>
+	///            <requireTLSv1>true|false</requireTLSv1>
+	///            <requireTLSv1_1>true|false</requireTLSv1_1>
+	///            <requireTLSv1_2>true|false</requireTLSv1_2>
+	///            <disableProtocols>sslv2,sslv3,tlsv1,tlsv1_1,tlsv1_2</disableProtocols>
+	///            <dhParamsFile>dh.pem</dhParamsFile>
+	///            <ecdhCurve>prime256v1</ecdhCurve>
+	///          </server|client>
+	///          <fips>false</fips>
+	///       </openSSL>
+	///    </AppConfig>
+	///
+	/// Following is a list of supported configuration properties. Property names must always
+	/// be prefixed with openSSL.server or openSSL.client. Some properties are only supported
+	/// for servers.
+	///
+	///    - privateKeyFile (string): The path to the file containing the private key for the certificate
+	///      in PEM format (or containing both the private key and the certificate).
+	///    - certificateFile (string): The Path to the file containing the server's or client's certificate
+	///      in PEM format. Can be omitted if the the file given in privateKeyFile contains the certificate as well.
+	///    - caConfig (string): The path to the file or directory containing the trusted root certificates.
+	///    - verificationMode (string): Specifies whether and how peer certificates are validated (see
+	///      the Context class for details). Valid values are none, relaxed, strict, once.
+	///    - verificationDepth (integer, 1-9): Sets the upper limit for verification chain sizes. Verification
+	///      will fail if a certificate chain larger than this is encountered.
+	///    - loadDefaultCAFile (boolean): Specifies whether the builtin CA certificates from OpenSSL are used.
+	///    - cipherList (string): Specifies the supported ciphers in OpenSSL notation
+	///      (e.g. "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH").
+	///    - preferServerCiphers (bool): When choosing a cipher, use the server's preferences instead of the
+	///      client preferences. When not called, the SSL server will always follow the clients
+	///      preferences. When called, the SSL/TLS server will choose following its own
+	///      preferences.
+	///    - privateKeyPassphraseHandler.name (string): The name of the class (subclass of PrivateKeyPassphraseHandler)
+	///      used for obtaining the passphrase for accessing the private key.
+	///    - privateKeyPassphraseHandler.options.password (string): The password to be used by KeyFileHandler.
+	///    - invalidCertificateHandler.name: The name of the class (subclass of CertificateHandler)
+	///      used for confirming invalid certificates.
+	///    - cacheSessions (boolean): Enables or disables session caching.
+	///    - sessionIdContext (string): contains the application's unique session ID context, which becomes
+	///      part of each session identifier generated by the server. Can be an arbitrary sequence
+	///      of bytes with a maximum length of SSL_MAX_SSL_SESSION_ID_LENGTH. Should be specified
+	///      for a server to enable session caching. Should be specified even if session caching
+	///      is disabled to avoid problems with clients that request session caching (e.g. Firefox 3.6).
+	///      If not specified, defaults to ${application.name}.
+	///    - sessionCacheSize (integer): Sets the maximum size of the server session cache, in number of
+	///      sessions. The default size (according to OpenSSL documentation) is 1024*20, which may be too
+	///      large for many applications, especially on embedded platforms with limited memory.
+	///      Specifying a size of 0 will set an unlimited cache size.
+	///    - sessionTimeout (integer):  Sets the timeout (in seconds) of cached sessions on the server.
+	///    - extendedVerification (boolean): Enable or disable the automatic post-connection
+	///      extended certificate verification.
+	///    - requireTLSv1 (boolean): Require a TLSv1 connection.
+	///    - requireTLSv1_1 (boolean): Require a TLSv1.1 connection.
+	///    - requireTLSv1_2 (boolean): Require a TLSv1.2 connection.
+	///    - disableProtocols (string): A comma-separated list of protocols that should be
+	///      disabled. Valid protocol names are sslv2, sslv3, tlsv1, tlsv1_1, tlsv1_2.
+	///    - dhParamsFile (string): Specifies a file containing Diffie-Hellman parameters.
+	///      If not specified or empty, the default parameters are used.
+	///    - ecdhCurve (string): Specifies the name of the curve to use for ECDH, based
+	///      on the curve names specified in RFC 4492. Defaults to "prime256v1".
+	///    - fips: Enable or disable OpenSSL FIPS mode. Only supported if the OpenSSL version
+	///      that this library is built against supports FIPS mode.
+{
+public:
+	typedef Poco::SharedPtr<PrivateKeyPassphraseHandler> PrivateKeyPassphraseHandlerPtr;
+	typedef Poco::SharedPtr<InvalidCertificateHandler> InvalidCertificateHandlerPtr;
+
+	Poco::BasicEvent<VerificationErrorArgs> ServerVerificationError;
+		/// Fired whenever a certificate verification error is detected by the server during a handshake.
+
+	Poco::BasicEvent<VerificationErrorArgs> ClientVerificationError;
+		/// Fired whenever a certificate verification error is detected by the client during a handshake.
+
+	Poco::BasicEvent<std::string> PrivateKeyPassphraseRequired;
+		/// Fired when a encrypted certificate is loaded. Not setting the password
+		/// in the event parameter will result in a failure to load the certificate.
+
+	static SSLManager& instance();
+		/// Returns the instance of the SSLManager singleton.
+
+	void initializeServer(PrivateKeyPassphraseHandlerPtr ptrPassphraseHandler, InvalidCertificateHandlerPtr ptrCertificateHandler, Context::Ptr ptrContext);
+		/// Initializes the server side of the SSLManager with a default passphrase handler, a default invalid certificate handler and a default context. If this method
+		/// is never called the SSLmanager will try to initialize its members from an application configuration.
+		///
+		/// PtrPassphraseHandler and ptrCertificateHandler can be 0. However, in this case, event delegates
+		/// must be registered with the ServerVerificationError and PrivateKeyPassphraseRequired events.
+		///
+		/// Note: Always create the handlers (or register the corresponding event delegates) before creating
+		/// the Context, as during creation of the Context the passphrase for the private key might be needed.
+		///
+		/// Valid initialization code would be:
+		///     SharedPtr<PrivateKeyPassphraseHandler> pConsoleHandler = new KeyConsoleHandler;
+		///     SharedPtr<InvalidCertificateHandler> pInvalidCertHandler = new ConsoleCertificateHandler;
+		///     Context::Ptr pContext = new Context(Context::SERVER_USE, "any.pem", "any.pem", "rootcert.pem", Context::VERIFY_RELAXED, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
+		///     SSLManager::instance().initializeServer(pConsoleHandler, pInvalidCertHandler, pContext);
+
+	void initializeClient(PrivateKeyPassphraseHandlerPtr ptrPassphraseHandler, InvalidCertificateHandlerPtr ptrHandler, Context::Ptr ptrContext);
+		/// Initializes the client side of the SSLManager with a default passphrase handler, a default invalid certificate handler and a default context. If this method
+		/// is never called the SSLmanager will try to initialize its members from an application configuration.
+		///
+		/// PtrPassphraseHandler and ptrCertificateHandler can be 0. However, in this case, event delegates
+		/// must be registered with the ClientVerificationError and PrivateKeyPassphraseRequired events.
+		///
+		/// Note: Always create the handlers (or register the corresponding event delegates) before creating
+		/// the Context, as during creation of the Context the passphrase for the private key might be needed.
+		///
+		/// Valid initialization code would be:
+		///     SharedPtr<PrivateKeyPassphraseHandler> pConsoleHandler = new KeyConsoleHandler;
+		///     SharedPtr<InvalidCertificateHandler> pInvalidCertHandler = new ConsoleCertificateHandler;
+		///     Context::Ptr pContext = new Context(Context::CLIENT_USE, "", "", "rootcert.pem", Context::VERIFY_RELAXED, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
+		///     SSLManager::instance().initializeClient(pConsoleHandler, pInvalidCertHandler, pContext);
+
+	Context::Ptr defaultServerContext();
+		/// Returns the default Context used by the server.
+		///
+		/// Unless initializeServer() has been called, the first call to this method initializes the default Context
+		/// from the application configuration.
+
+	Context::Ptr defaultClientContext();
+		/// Returns the default Context used by the client.
+		///
+		/// Unless initializeClient() has been called, the first call to this method initializes the default Context
+		/// from the application configuration.
+
+	PrivateKeyPassphraseHandlerPtr serverPassphraseHandler();
+		/// Returns the configured passphrase handler of the server. If none is set, the method will create a default one
+		/// from an application configuration.
+
+	InvalidCertificateHandlerPtr serverCertificateHandler();
+		/// Returns an initialized certificate handler (used by the server to verify client cert) which determines how invalid certificates are treated.
+		/// If none is set, it will try to auto-initialize one from an application configuration.
+
+	PrivateKeyPassphraseHandlerPtr clientPassphraseHandler();
+		/// Returns the configured passphrase handler of the client. If none is set, the method will create a default one
+		/// from an application configuration.
+
+	InvalidCertificateHandlerPtr clientCertificateHandler();
+		/// Returns an initialized certificate handler (used by the client to verify server cert) which determines how invalid certificates are treated.
+		/// If none is set, it will try to auto-initialize one from an application configuration.
+
+	PrivateKeyFactoryMgr& privateKeyFactoryMgr();
+		/// Returns the private key factory manager which stores the
+		/// factories for the different registered passphrase handlers for private keys.
+
+	CertificateHandlerFactoryMgr& certificateHandlerFactoryMgr();
+		/// Returns the CertificateHandlerFactoryMgr which stores the
+		/// factories for the different registered certificate handlers.
+
+	static bool isFIPSEnabled();
+		// Returns true if FIPS mode is enabled, false otherwise.
+
+	void shutdown();
+		/// Shuts down the SSLManager and releases the default Context
+		/// objects. After a call to shutdown(), the SSLManager can no
+		/// longer be used.
+		///
+		/// Normally, it's not necessary to call this method directly, as this
+		/// will be called either by uninitializeSSL(), or when
+		/// the SSLManager instance is destroyed.
+
+	static const std::string CFG_SERVER_PREFIX;
+	static const std::string CFG_CLIENT_PREFIX;
+
+protected:
+	static int verifyClientCallback(int ok, X509_STORE_CTX* pStore);
+		/// The return value of this method defines how errors in
+		/// verification are handled. Return 0 to terminate the handshake,
+		/// or 1 to continue despite the error.
+
+	static int verifyServerCallback(int ok, X509_STORE_CTX* pStore);
+		/// The return value of this method defines how errors in
+		/// verification are handled. Return 0 to terminate the handshake,
+		/// or 1 to continue despite the error.
+
+	static int privateKeyPassphraseCallback(char* pBuf, int size, int flag, void* userData);
+		/// Method is invoked by OpenSSL to retrieve a passwd for an encrypted certificate.
+		/// The request is delegated to the PrivatekeyPassword event. This method returns the
+		/// length of the password.
+
+	static Poco::Util::AbstractConfiguration& appConfig();
+		/// Returns the application configuration.
+		///
+		/// Throws a InvalidStateException if not application instance
+		/// is available.
+
+private:
+	SSLManager();
+		/// Creates the SSLManager.
+
+	~SSLManager();
+		/// Destroys the SSLManager.
+
+	void initDefaultContext(bool server);
+		/// Inits the default context, the first time it is accessed.
+
+	void initEvents(bool server);
+		/// Registers delegates at the events according to the configuration.
+
+	void initPassphraseHandler(bool server);
+		/// Inits the passphrase handler.
+
+	void initCertificateHandler(bool server);
+		/// Inits the certificate handler.
+
+	static int verifyCallback(bool server, int ok, X509_STORE_CTX* pStore);
+		/// The return value of this method defines how errors in
+		/// verification are handled. Return 0 to terminate the handshake,
+		/// or 1 to continue despite the error.
+
+	PrivateKeyFactoryMgr             _factoryMgr;
+	CertificateHandlerFactoryMgr     _certHandlerFactoryMgr;
+	Context::Ptr                     _ptrDefaultServerContext;
+	PrivateKeyPassphraseHandlerPtr   _ptrServerPassphraseHandler;
+	InvalidCertificateHandlerPtr     _ptrServerCertificateHandler;
+	Context::Ptr                     _ptrDefaultClientContext;
+	PrivateKeyPassphraseHandlerPtr   _ptrClientPassphraseHandler;
+	InvalidCertificateHandlerPtr     _ptrClientCertificateHandler;
+	Poco::FastMutex                  _mutex;
+
+	static const std::string CFG_PRIV_KEY_FILE;
+	static const std::string CFG_CERTIFICATE_FILE;
+	static const std::string CFG_CA_LOCATION;
+	static const std::string CFG_VER_MODE;
+	static const Context::VerificationMode VAL_VER_MODE;
+	static const std::string CFG_VER_DEPTH;
+	static const int         VAL_VER_DEPTH;
+	static const std::string CFG_ENABLE_DEFAULT_CA;
+	static const bool        VAL_ENABLE_DEFAULT_CA;
+	static const std::string CFG_CIPHER_LIST;
+	static const std::string CFG_CYPHER_LIST; // for backwards compatibility
+	static const std::string VAL_CIPHER_LIST;
+	static const std::string CFG_PREFER_SERVER_CIPHERS;
+	static const std::string CFG_DELEGATE_HANDLER;
+	static const std::string VAL_DELEGATE_HANDLER;
+	static const std::string CFG_CERTIFICATE_HANDLER;
+	static const std::string VAL_CERTIFICATE_HANDLER;
+	static const std::string CFG_CACHE_SESSIONS;
+	static const std::string CFG_SESSION_ID_CONTEXT;
+	static const std::string CFG_SESSION_CACHE_SIZE;
+	static const std::string CFG_SESSION_TIMEOUT;
+	static const std::string CFG_EXTENDED_VERIFICATION;
+	static const std::string CFG_REQUIRE_TLSV1;
+	static const std::string CFG_REQUIRE_TLSV1_1;
+	static const std::string CFG_REQUIRE_TLSV1_2;
+	static const std::string CFG_DISABLE_PROTOCOLS;
+	static const std::string CFG_DH_PARAMS_FILE;
+	static const std::string CFG_ECDH_CURVE;
+
+#ifdef OPENSSL_FIPS
+	static const std::string CFG_FIPS_MODE;
+	static const bool        VAL_FIPS_MODE;
+#endif
+
+	friend class Poco::SingletonHolder<SSLManager>;
+	friend class Context;
+};
+
+
+//
+// inlines
+//
+inline PrivateKeyFactoryMgr& SSLManager::privateKeyFactoryMgr()
+{
+	return _factoryMgr;
+}
+
+
+inline CertificateHandlerFactoryMgr& SSLManager::certificateHandlerFactoryMgr()
+{
+	return _certHandlerFactoryMgr;
+}
+
+
+inline bool SSLManager::isFIPSEnabled()
+{
+#ifdef OPENSSL_FIPS
+	return FIPS_mode() ? true : false;
+#else
+	return false;
+#endif
+}
+
+
+inline int SSLManager::verifyServerCallback(int ok, X509_STORE_CTX* pStore)
+{
+	return SSLManager::verifyCallback(true, ok, pStore);
+}
+
+
+inline int SSLManager::verifyClientCallback(int ok, X509_STORE_CTX* pStore)
+{
+	return SSLManager::verifyCallback(false, ok, pStore);
+}
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_SSLManager_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSMTPClientSession.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSMTPClientSession.h
new file mode 100644
index 0000000000..146be2aeb5
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSMTPClientSession.h
@@ -0,0 +1,96 @@
+//
+// SecureSMTPClientSession.h
+//
+// Library: NetSSL_OpenSSL
+// Package: Mail
+// Module:  SecureSMTPClientSession
+//
+// Definition of the SecureSMTPClientSession class.
+//
+// Copyright (c) 2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef Net_SecureSMTPClientSession_INCLUDED
+#define Net_SecureSMTPClientSession_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/SMTPClientSession.h"
+#include "Poco/Net/Context.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API SecureSMTPClientSession: public SMTPClientSession
+	/// This class implements an Simple Mail
+	/// Transfer Protocol (SMTP, RFC 2821)
+	/// client for sending e-mail messages that
+	/// supports the STARTTLS command for secure
+	/// connections.
+	///
+	/// Usage is as follows:
+	///   1. Create a SecureSMTPClientSession object.
+	///   2. Call login() or login(hostname).
+	///   3. Call startTLS() to switch to a secure connection.
+	///      Check the return value to see if a secure connection
+	///      has actually been established (not all servers may
+	///      support STARTTLS).
+	///   4. Call any of the login() methods to securely authenticate
+	///      with a username and password.
+	///   5. Send the message(s).
+{
+public:
+	explicit SecureSMTPClientSession(const StreamSocket& socket);
+		/// Creates the SecureSMTPClientSession using
+		/// the given socket, which must be connected
+		/// to a SMTP server.
+
+	SecureSMTPClientSession(const std::string& host, Poco::UInt16 port = SMTP_PORT);
+		/// Creates the SecureSMTPClientSession using a socket connected
+		/// to the given host and port.
+
+	virtual ~SecureSMTPClientSession();
+		/// Destroys the SMTPClientSession.
+
+	bool startTLS();
+		/// Sends a STARTTLS command and, if successful, 
+		/// creates a secure SSL/TLS connection over the
+		/// existing socket connection.
+		///
+		/// Must be called after login() or login(hostname).
+		/// If successful, login() can be called again
+		/// to authenticate the user.
+		///
+		/// Returns true if the STARTTLS command was successful,
+		/// false otherwise.
+
+	bool startTLS(Context::Ptr pContext);
+		/// Sends a STARTTLS command and, if successful, 
+		/// creates a secure SSL/TLS connection over the
+		/// existing socket connection.
+		///
+		/// Uses the given Context object for creating
+		/// the SSL/TLS connection.
+		///
+		/// Must be called after login() or login(hostname).
+		/// If successful, login() can be called again
+		/// to authenticate the user.
+		///
+		/// Returns true if the STARTTLS command was successful,
+		/// false otherwise.
+		
+private:
+	std::string _host;
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // Net_SecureSMTPClientSession_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocket.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocket.h
new file mode 100644
index 0000000000..2b89c45cb9
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocket.h
@@ -0,0 +1,136 @@
+//
+// SecureServerSocket.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLSockets
+// Module:  SecureServerSocket
+//
+// Definition of the SecureServerSocket class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_SecureServerSocket_INCLUDED
+#define NetSSL_SecureServerSocket_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/ServerSocket.h"
+#include "Poco/Net/Context.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API SecureServerSocket: public ServerSocket
+	/// A server socket for secure SSL connections.
+{
+public:
+	SecureServerSocket();
+		/// Creates a SSL server socket using the
+		/// default SSL server context.
+		///
+		/// The server socket must be bound to
+		/// an address and put into listening state.
+
+	explicit SecureServerSocket(Context::Ptr pContext);
+		/// Creates a SSL server socket, using the
+		/// given SSL context object.
+		///
+		/// The server socket must be bound to
+		/// an address and put into listening state.
+
+	SecureServerSocket(const Socket& socket);
+		/// Creates the SecureServerSocket with the SocketImpl
+		/// from another socket. The SocketImpl must be
+		/// a SecureServerSocketImpl, otherwise an InvalidArgumentException
+		/// will be thrown.
+
+	SecureServerSocket(const SocketAddress& address, int backlog = 64);
+		/// Creates a server socket using the default server SSL context,
+		/// binds it to the given address and puts it in listening
+		/// state.
+		///
+		/// After successful construction, the server socket
+		/// is ready to accept connections.
+
+	SecureServerSocket(const SocketAddress& address, int backlog, Context::Ptr pContext);
+		/// Creates a server socket using the given SSL context, binds it
+		/// to the given address and puts it in listening
+		/// state.
+		///
+		/// After successful construction, the server socket
+		/// is ready to accept connections.
+
+	SecureServerSocket(Poco::UInt16 port, int backlog = 64);
+		/// Creates a server socket using the default server SSL context,
+		/// binds it to the given port and puts it in listening
+		/// state.
+		///
+		/// After successful construction, the server socket
+		/// is ready to accept connections.
+
+	SecureServerSocket(Poco::UInt16 port, int backlog, Context::Ptr pContext);
+		/// Creates a server socket using the given SSL context, binds it
+		/// to the given port and puts it in listening
+		/// state.
+		///
+		/// After successful construction, the server socket
+		/// is ready to accept connections.
+
+	virtual ~SecureServerSocket();
+		/// Destroys the StreamSocket.
+
+	SecureServerSocket& operator = (const Socket& socket);
+		/// Assignment operator.
+		///
+		/// Releases the socket's SocketImpl and
+		/// attaches the SocketImpl from the other socket and
+		/// increments the reference count of the SocketImpl.	
+
+	StreamSocket acceptConnection(SocketAddress& clientAddr);
+		/// Get the next completed connection from the
+		/// socket's completed connection queue.
+		///
+		/// If the queue is empty, waits until a connection
+		/// request completes.
+		///
+		/// Returns a new SSL socket for the connection
+		/// with the client.
+		///
+		/// The client socket's address is returned in clientAddr.
+		///
+		/// No SSL handshake is performed on the new connection.
+		/// The SSL handshake will be performed the first time
+		/// sendBytes(), receiveBytes() or completeHandshake()
+		/// is called on the returned SecureStreamSocket.
+
+	StreamSocket acceptConnection();
+		/// Get the next completed connection from the
+		/// socket's completed connection queue.
+		///
+		/// If the queue is empty, waits until a connection
+		/// request completes.
+		///
+		/// Returns a new SSL socket for the connection
+		/// with the client.
+		///
+		/// No SSL handshake is performed on the new connection.
+		/// The SSL handshake will be performed the first time
+		/// sendBytes(), receiveBytes() or completeHandshake()
+		/// is called on the returned SecureStreamSocket.
+
+	Context::Ptr context() const;
+		/// Returns the SSL context used by this socket.
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_SecureServerSocket_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocketImpl.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocketImpl.h
new file mode 100644
index 0000000000..2cf969d099
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocketImpl.h
@@ -0,0 +1,146 @@
+//
+// SecureServerSocketImpl.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLSockets
+// Module:  SecureServerSocketImpl
+//
+// Definition of the SecureServerSocketImpl class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_SecureServerSocketImpl_INCLUDED
+#define NetSSL_SecureServerSocketImpl_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/SecureSocketImpl.h"
+#include "Poco/Net/ServerSocketImpl.h"
+#include "Poco/Net/Context.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API SecureServerSocketImpl: public ServerSocketImpl
+	/// The SocketImpl class for SecureServerSocket.
+{
+public:
+	SecureServerSocketImpl(Context::Ptr pContext);
+		/// Creates the SecureServerSocketImpl using the
+		/// given SSL context object.
+
+	SocketImpl* acceptConnection(SocketAddress& clientAddr);
+		/// Get the next completed connection from the
+		/// socket's completed connection queue.
+		///
+		/// If the queue is empty, waits until a connection
+		/// request completes.
+		///
+		/// Returns a new TCP socket for the connection
+		/// with the client.
+		///
+		/// The client socket's address is returned in clientAddr.
+	
+	void connect(const SocketAddress& address);
+		/// Not supported by this kind of socket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+
+	void connect(const SocketAddress& address, const Poco::Timespan& timeout);
+		/// Not supported by this kind of socket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+
+	void connectNB(const SocketAddress& address);
+		/// Not supported by this kind of socket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+	
+	void bind(const SocketAddress& address, bool reuseAddress = false, bool reusePort = false);
+		/// Bind a local address to the socket.
+		///
+		/// This is usually only done when establishing a server
+		/// socket. TCP clients should not bind a socket to a
+		/// specific address.
+		///
+		/// If reuseAddress is true, sets the SO_REUSEADDR
+		/// socket option.
+		
+	void listen(int backlog = 64);
+		/// Puts the socket into listening state.
+		///
+		/// The socket becomes a passive socket that
+		/// can accept incoming connection requests.
+		///
+		/// The backlog argument specifies the maximum
+		/// number of connections that can be queued
+		/// for this socket.
+
+	void close();
+		/// Close the socket.
+	
+	int sendBytes(const void* buffer, int length, int flags = 0);
+		/// Not supported by this kind of socket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+	
+	int receiveBytes(void* buffer, int length, int flags = 0);
+		/// Not supported by this kind of socket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+	
+	int sendTo(const void* buffer, int length, const SocketAddress& address, int flags = 0);
+		/// Not supported by this kind of socket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+	
+	int receiveFrom(void* buffer, int length, SocketAddress& address, int flags = 0);
+		/// Not supported by this kind of socket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+	
+	void sendUrgent(unsigned char data);
+		/// Not supported by this kind of socket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+
+	bool secure() const;
+		/// Returns true iff the socket's connection is secure
+		/// (using SSL or TLS).
+		
+	Context::Ptr context() const;
+		/// Returns the SSL context used by this socket.
+
+protected:
+	~SecureServerSocketImpl();
+		/// Destroys the SecureServerSocketImpl.
+
+private:
+	SecureServerSocketImpl(const SecureServerSocketImpl&);
+	SecureServerSocketImpl& operator = (const SecureServerSocketImpl&);
+
+private:
+	SecureSocketImpl _impl;
+};
+
+
+//
+// inlines
+//
+inline Context::Ptr SecureServerSocketImpl::context() const
+{
+	return _impl.context();
+}
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_SecureServerSocketImpl_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h
new file mode 100644
index 0000000000..8d331a3a6d
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h
@@ -0,0 +1,265 @@
+//
+// SecureSocketImpl.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLSockets
+// Module:  SecureSocketImpl
+//
+// Definition of the SecureSocketImpl class.
+//
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_SecureSocketImpl_INCLUDED
+#define NetSSL_SecureSocketImpl_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/SocketImpl.h"
+#include "Poco/Net/Context.h"
+#include "Poco/Net/X509Certificate.h"
+#include "Poco/Net/Session.h"
+#include <openssl/bio.h>
+#include <openssl/ssl.h>
+
+
+namespace Poco {
+namespace Net {
+
+
+class HostEntry;
+
+
+class NetSSL_API SecureSocketImpl
+	/// The SocketImpl for SecureStreamSocket.
+{
+public:
+	SecureSocketImpl(Poco::AutoPtr<SocketImpl> pSocketImpl, Context::Ptr pContext);
+		/// Creates the SecureSocketImpl using an already
+		/// connected stream socket.
+
+	virtual ~SecureSocketImpl();
+		/// Destroys the SecureSocketImpl.
+
+	SocketImpl* acceptConnection(SocketAddress& clientAddr);
+		/// Get the next completed connection from the
+		/// socket's completed connection queue.
+		///
+		/// If the queue is empty, waits until a connection
+		/// request completes.
+		///
+		/// Returns a new SSL socket for the connection
+		/// with the client.
+		///
+		/// The client socket's address is returned in clientAddr.
+	
+	void connect(const SocketAddress& address, bool performHandshake);
+		/// Initializes the socket and establishes a secure connection to 
+		/// the TCP server at the given address.
+		///
+		/// If performHandshake is true, the SSL handshake is performed immediately 
+		/// after establishing the connection. Otherwise, the handshake is performed
+		/// the first time sendBytes(), receiveBytes() or completeHandshake() is called.
+
+	void connect(const SocketAddress& address, const Poco::Timespan& timeout, bool performHandshake);
+		/// Initializes the socket, sets the socket timeout and 
+		/// establishes a secure connection to the TCP server at the given address.
+		///
+		/// If performHandshake is true, the SSL handshake is performed immediately 
+		/// after establishing the connection. Otherwise, the handshake is performed
+		/// the first time sendBytes(), receiveBytes() or completeHandshake() is called.
+
+	void connectNB(const SocketAddress& address);
+		/// Initializes the socket and establishes a secure connection to 
+		/// the TCP server at the given address. Prior to opening the
+		/// connection the socket is set to nonblocking mode.
+
+	void bind(const SocketAddress& address, bool reuseAddress = false, bool reusePort = false);
+		/// Bind a local address to the socket.
+		///
+		/// This is usually only done when establishing a server
+		/// socket. SSL clients should not bind a socket to a
+		/// specific address.
+		///
+		/// If reuseAddress is true, sets the SO_REUSEADDR
+		/// socket option.
+		
+	void listen(int backlog = 64);
+		/// Puts the socket into listening state.
+		///
+		/// The socket becomes a passive socket that
+		/// can accept incoming connection requests.
+		///
+		/// The backlog argument specifies the maximum
+		/// number of connections that can be queued
+		/// for this socket.
+
+	void shutdown();
+		/// Shuts down the connection by attempting
+		/// an orderly SSL shutdown, then actually
+		/// shutting down the TCP connection.
+
+	void close();
+		/// Close the socket.
+		
+	void abort();
+		/// Aborts the connection by closing the
+		/// underlying TCP connection. No orderly SSL shutdown
+		/// is performed.
+	
+	int sendBytes(const void* buffer, int length, int flags = 0);
+		/// Sends the contents of the given buffer through
+		/// the socket. Any specified flags are ignored.
+		///
+		/// Returns the number of bytes sent, which may be
+		/// less than the number of bytes specified.
+	
+	int receiveBytes(void* buffer, int length, int flags = 0);
+		/// Receives data from the socket and stores it
+		/// in buffer. Up to length bytes are received.
+		///
+		/// Returns the number of bytes received.
+		
+	int available() const;
+		/// Returns the number of bytes available from the
+		/// SSL buffer for immediate reading.
+	
+	int completeHandshake();
+		/// Completes the SSL handshake.
+		///
+		/// If the SSL connection was the result of an accept(),
+		/// the server-side handshake is completed, otherwise
+		/// a client-side handshake is performed. 
+		
+	poco_socket_t sockfd();
+		/// Returns the underlying socket descriptor.
+
+	X509* peerCertificate() const;
+		/// Returns the peer's certificate.
+		
+	Context::Ptr context() const;
+		/// Returns the SSL context used for this socket.
+
+	void verifyPeerCertificate();
+		/// Performs post-connect (or post-accept) peer certificate validation,
+		/// using the peer host name set with setPeerHostName(), or the peer's
+		/// IP address string if no peer host name has been set.
+
+	void verifyPeerCertificate(const std::string& hostName);
+		/// Performs post-connect (or post-accept) peer certificate validation
+		/// using the given peer host name.
+
+	void setPeerHostName(const std::string& hostName);
+		/// Sets the peer host name for certificate validation purposes.
+		
+	const std::string& getPeerHostName() const;
+		/// Returns the peer host name.
+		
+	Session::Ptr currentSession();
+		/// Returns the SSL session of the current connection,
+		/// for reuse in a future connection (if session caching
+		/// is enabled).
+		///
+		/// If no connection is established, returns null.
+		
+	void useSession(Session::Ptr pSession);
+		/// Sets the SSL session to use for the next
+		/// connection. Setting a previously saved Session
+		/// object is necessary to enable session caching.
+		///
+		/// To remove the currently set session, a null pointer
+		/// can be given.
+		///
+		/// Must be called before connect() to be effective.
+		
+	bool sessionWasReused();
+		/// Returns true iff a reused session was negotiated during
+		/// the handshake.
+		
+protected:
+	void acceptSSL();
+		/// Performs a server-side SSL handshake and certificate verification.
+
+	void connectSSL(bool performHandshake);
+		/// Performs a client-side SSL handshake and establishes a secure 
+		/// connection over an already existing TCP connection.
+	
+	long verifyPeerCertificateImpl(const std::string& hostName);
+		/// Performs post-connect (or post-accept) peer certificate validation.
+		
+	static bool isLocalHost(const std::string& hostName);
+		/// Returns true iff the given host name is the local host 
+		/// (either "localhost" or "127.0.0.1").
+
+	bool mustRetry(int rc, Poco::Timespan& remaining_time);
+		/// Returns true if the last operation should be retried,
+		/// otherwise false.
+		///
+		/// In case of an SSL_ERROR_WANT_READ error, and if the socket is 
+		/// blocking, waits for the underlying socket to become readable.
+		///
+		/// In case of an SSL_ERROR_WANT_WRITE error, and if the socket is
+		/// blocking, waits for the underlying socket to become writable.
+		///
+		/// Can also throw a Poco::TimeoutException if the socket does
+		/// not become readable or writable within the sockets
+		/// receive or send timeout.
+
+	int handleError(int rc);
+		/// Handles an SSL error by throwing an appropriate exception.
+
+	void reset();
+		/// Prepares the socket for re-use. 
+		///
+		/// After closing and resetting a socket, the socket can
+		/// be used for a new connection.
+		///
+		/// Note that simply closing a socket is not sufficient
+		/// to be able to re-use it again.
+
+	Poco::Timespan getMaxTimeout();
+
+private:	
+	SecureSocketImpl(const SecureSocketImpl&);
+	SecureSocketImpl& operator = (const SecureSocketImpl&);
+
+	SSL* _pSSL;
+	Poco::AutoPtr<SocketImpl> _pSocket;
+	Context::Ptr _pContext;
+	bool _needHandshake;
+	std::string _peerHostName;
+	Session::Ptr _pSession;
+	
+	friend class SecureStreamSocketImpl;
+};
+
+
+//
+// inlines
+//
+inline poco_socket_t SecureSocketImpl::sockfd()
+{
+	return _pSocket->sockfd();
+}
+
+
+inline Context::Ptr SecureSocketImpl::context() const
+{
+	return _pContext;
+}
+
+
+inline const std::string& SecureSocketImpl::getPeerHostName() const
+{
+	return _peerHostName;
+}
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_SecureSocketImpl_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocket.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocket.h
new file mode 100644
index 0000000000..059be1bbee
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocket.h
@@ -0,0 +1,272 @@
+//
+// SecureStreamSocket.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLSockets
+// Module:  SecureStreamSocket
+//
+// Definition of the SecureStreamSocket class.
+//
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_SecureStreamSocket_INCLUDED
+#define NetSSL_SecureStreamSocket_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/StreamSocket.h"
+#include "Poco/Net/Context.h"
+#include "Poco/Net/Session.h"
+#include "Poco/Net/X509Certificate.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API SecureStreamSocket: public StreamSocket
+	/// A subclass of StreamSocket for secure SSL sockets.
+	///
+	/// A few notes about nonblocking IO:
+	/// sendBytes() and receiveBytes() can return a
+	/// negative value when using a nonblocking socket, which means 
+	/// a SSL handshake is currently in progress and more data
+	/// needs to be read or written for the handshake to continue.
+	/// If sendBytes() or receiveBytes() return ERR_SSL_WANT_WRITE,
+	/// sendBytes() must be called as soon as possible (usually, after
+	/// select() indicates that data can be written). Likewise, if
+	/// ERR_SSL_WANT_READ is returned, receiveBytes() must be called
+	/// as soon as data is available for reading (indicated by select()).
+	///
+	/// The SSL handshake is delayed until the first sendBytes() or 
+	/// receiveBytes() operation is performed on the socket. No automatic
+	/// post connection check (checking the peer certificate for a valid
+	/// hostname) is performed when using nonblocking I/O. To manually
+	/// perform peer certificate validation, call verifyPeerCertificate()
+	/// after the SSL handshake has been completed.
+{
+public:
+	enum
+	{
+		ERR_SSL_WANT_READ  = -1,
+		ERR_SSL_WANT_WRITE = -2
+	};
+	
+	SecureStreamSocket();
+		/// Creates an unconnected secure stream socket
+		/// using the default client SSL context.
+		///
+		/// Before sending or receiving data, the socket
+		/// must be connected with a call to connect().
+
+	explicit SecureStreamSocket(Context::Ptr pContext);
+		/// Creates an unconnected secure stream socket
+		/// using the given SSL context.
+		///
+		/// Before sending or receiving data, the socket
+		/// must be connected with a call to connect().
+
+	SecureStreamSocket(Context::Ptr pContext, Session::Ptr pSession);
+		/// Creates an unconnected secure stream socket
+		/// using the given SSL context.
+		///
+		/// Before sending or receiving data, the socket
+		/// must be connected with a call to connect().
+		///
+		/// The given Session is reused, if possible (client session
+		/// caching is enabled for the given Context, and the server
+		/// agrees to reuse the session).
+
+	explicit SecureStreamSocket(const SocketAddress& address);
+		/// Creates a secure stream socket using the default 
+		/// client SSL context and connects it to
+		/// the socket specified by address.
+
+	SecureStreamSocket(const SocketAddress& address, Context::Ptr pContext);
+		/// Creates a secure stream socket using the given 
+		/// client SSL context and connects it to
+		/// the socket specified by address.
+
+	SecureStreamSocket(const SocketAddress& address, Context::Ptr pContext, Session::Ptr pSession);
+		/// Creates a secure stream socket using the given 
+		/// client SSL context and connects it to
+		/// the socket specified by address.
+		///
+		/// The given Session is reused, if possible (client session
+		/// caching is enabled for the given Context, and the server
+		/// agrees to reuse the session).
+
+	SecureStreamSocket(const SocketAddress& address, const std::string& hostName);
+		/// Creates a secure stream socket using the default 
+		/// client SSL context and connects it to
+		/// the socket specified by address.
+		///
+		/// The given host name is used for certificate verification.
+
+	SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext);
+		/// Creates a secure stream socket using the given 
+		/// client SSL context and connects it to
+		/// the socket specified by address.
+		///
+		/// The given host name is used for certificate verification.
+
+	SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext, Session::Ptr pSession);
+		/// Creates a secure stream socket using the given 
+		/// client SSL context and connects it to
+		/// the socket specified by address.
+		///
+		/// The given host name is used for certificate verification.
+		///
+		/// The given Session is reused, if possible (client session
+		/// caching is enabled for the given Context, and the server
+		/// agrees to reuse the session).
+
+	SecureStreamSocket(const Socket& socket);
+		/// Creates the SecureStreamSocket with the SocketImpl
+		/// from another socket. The SocketImpl must be
+		/// a SecureStreamSocketImpl, otherwise an InvalidArgumentException
+		/// will be thrown.
+
+	virtual ~SecureStreamSocket();
+		/// Destroys the StreamSocket.
+
+	SecureStreamSocket& operator = (const Socket& socket);
+		/// Assignment operator.
+		///
+		/// Releases the socket's SocketImpl and
+		/// attaches the SocketImpl from the other socket and
+		/// increments the reference count of the SocketImpl.	
+	
+	bool havePeerCertificate() const;
+		/// Returns true iff the peer has presented a
+		/// certificate.
+
+	X509Certificate peerCertificate() const;
+		/// Returns the peer's X509 certificate.
+		///
+		/// Throws a SSLException if the peer did not
+		/// present a certificate.
+		
+	void setPeerHostName(const std::string& hostName);
+		/// Sets the peer's host name used for certificate validation.
+		
+	const std::string& getPeerHostName() const;
+		/// Returns the peer's host name used for certificate validation.
+
+	static SecureStreamSocket attach(const StreamSocket& streamSocket);
+		/// Creates a SecureStreamSocket over an existing socket
+		/// connection. The given StreamSocket must be connected.
+		/// A SSL handshake will be performed.
+
+	static SecureStreamSocket attach(const StreamSocket& streamSocket, Context::Ptr pContext);
+		/// Creates a SecureStreamSocket over an existing socket
+		/// connection. The given StreamSocket must be connected.
+		/// A SSL handshake will be performed.
+
+	static SecureStreamSocket attach(const StreamSocket& streamSocket, Context::Ptr pContext, Session::Ptr pSession);
+		/// Creates a SecureStreamSocket over an existing socket
+		/// connection. The given StreamSocket must be connected.
+		/// A SSL handshake will be performed.
+		///
+		/// The given Session is reused, if possible (client session
+		/// caching is enabled for the given Context, and the server
+		/// agrees to reuse the session).
+
+	static SecureStreamSocket attach(const StreamSocket& streamSocket, const std::string& peerHostName);
+		/// Creates a SecureStreamSocket over an existing socket
+		/// connection. The given StreamSocket must be connected.
+		/// A SSL handshake will be performed.
+
+	static SecureStreamSocket attach(const StreamSocket& streamSocket, const std::string& peerHostName, Context::Ptr pContext);
+		/// Creates a SecureStreamSocket over an existing socket
+		/// connection. The given StreamSocket must be connected.
+		/// A SSL handshake will be performed.
+
+	static SecureStreamSocket attach(const StreamSocket& streamSocket, const std::string& peerHostName, Context::Ptr pContext, Session::Ptr pSession);
+		/// Creates a SecureStreamSocket over an existing socket
+		/// connection. The given StreamSocket must be connected.
+		/// A SSL handshake will be performed.
+		///
+		/// The given Session is reused, if possible (client session
+		/// caching is enabled for the given Context, and the server
+		/// agrees to reuse the session).
+
+	Context::Ptr context() const;
+		/// Returns the SSL context used by this socket.
+		
+	void setLazyHandshake(bool flag = true);
+		/// Enable lazy SSL handshake. If enabled, the SSL handshake
+		/// will be performed the first time date is sent or
+		/// received over the connection.
+		
+	bool getLazyHandshake() const;
+		/// Returns true if setLazyHandshake(true) has been called.
+		
+	void verifyPeerCertificate();
+		/// Performs post-connect (or post-accept) peer certificate validation,
+		/// using the peer host name set with setPeerHostName(), or the peer's
+		/// IP address string if no peer host name has been set.
+		///
+		/// Should only be used for non-blocking connections, after the
+		/// initial SSL handshake has been performed (see completeHandshake()).
+
+	void verifyPeerCertificate(const std::string& hostName);
+		/// Performs post-connect (or post-accept) peer certificate validation
+		/// using the given host name.
+		///
+		/// Should only be used for non-blocking connections, after the
+		/// initial SSL handshake has been performed (see completeHandshake()).
+		
+	int completeHandshake();
+		/// Completes the SSL handshake.
+		///
+		/// If the SSL connection was the result of an accept(),
+		/// the server-side handshake is completed, otherwise
+		/// a client-side handshake is performed.
+		///
+		/// Returns 1 if the handshake was successful, ERR_SSL_WANT_READ or
+		/// ERR_SSL_WANT_WRITE if more data is required to complete the
+		/// handshake. In this case, completeHandshake() should be called
+		/// again, after the necessary condition has been met.
+
+	Session::Ptr currentSession();
+		/// Returns the SSL session of the current connection,
+		/// for reuse in a future connection (if session caching
+		/// is enabled).
+		///
+		/// If no connection is established, returns null.
+		
+	void useSession(Session::Ptr pSession);
+		/// Sets the SSL session to use for the next
+		/// connection. Setting a previously saved Session
+		/// object is necessary to enable session caching.
+		///
+		/// To remove the currently set session, a null pointer
+		/// can be given.
+		///
+		/// Must be called before connect() to be effective.
+		
+	bool sessionWasReused();
+		/// Returns true iff a reused session was negotiated during
+		/// the handshake.
+		
+	void abort();
+		/// Aborts the SSL connection by closing the underlying
+		/// TCP connection. No orderly SSL shutdown is performed.
+		
+protected:
+	SecureStreamSocket(SocketImpl* pImpl);
+
+	friend class SecureServerSocket;
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_SecureStreamSocket_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocketImpl.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocketImpl.h
new file mode 100644
index 0000000000..3b000b4758
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocketImpl.h
@@ -0,0 +1,303 @@
+//
+// SecureStreamSocketImpl.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLSockets
+// Module:  SecureStreamSocketImpl
+//
+// Definition of the SecureStreamSocketImpl class.
+//
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_SecureStreamSocketImpl_INCLUDED
+#define NetSSL_SecureStreamSocketImpl_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/SecureSocketImpl.h"
+#include "Poco/Net/StreamSocketImpl.h"
+#include "Poco/Net/Context.h"
+#include "Poco/Net/X509Certificate.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API SecureStreamSocketImpl: public StreamSocketImpl
+	/// This class implements a SSL stream socket.
+{
+public:
+	SecureStreamSocketImpl(Context::Ptr pContext);
+		/// Creates the SecureStreamSocketImpl.
+
+	SecureStreamSocketImpl(StreamSocketImpl* pStreamSocket, Context::Ptr pContext);
+		/// Creates the SecureStreamSocketImpl.
+
+    void setSendTimeout(const Poco::Timespan& timeout);
+    void setReceiveTimeout(const Poco::Timespan& timeout);
+
+	SocketImpl* acceptConnection(SocketAddress& clientAddr);
+		/// Not supported by a SecureStreamSocket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+
+	void connect(const SocketAddress& address);
+		/// Initializes the socket and establishes a connection to 
+		/// the TCP server at the given address.
+		///
+		/// Can also be used for UDP sockets. In this case, no
+		/// connection is established. Instead, incoming and outgoing
+		/// packets are restricted to the specified address.
+
+	void connect(const SocketAddress& address, const Poco::Timespan& timeout);
+		/// Initializes the socket, sets the socket timeout and 
+		/// establishes a connection to the TCP server at the given address.
+
+	void connectNB(const SocketAddress& address);
+		/// Initializes the socket and establishes a connection to 
+		/// the TCP server at the given address. Prior to opening the
+		/// connection the socket is set to nonblocking mode.
+		
+	void bind(const SocketAddress& address, bool reuseAddress = false, bool reusePort = false);
+		/// Not supported by a SecureStreamSocket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+		
+	void listen(int backlog = 64);
+		/// Not supported by a SecureStreamSocket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+
+	void close();
+		/// Close the socket.
+	
+	int sendBytes(const void* buffer, int length, int flags = 0);
+		/// Sends the contents of the given buffer through
+		/// the socket. Any specified flags are ignored.
+		///
+		/// Returns the number of bytes sent, which may be
+		/// less than the number of bytes specified.
+	
+	int receiveBytes(void* buffer, int length, int flags = 0);
+		/// Receives data from the socket and stores it
+		/// in buffer. Up to length bytes are received.
+		///
+		/// Returns the number of bytes received.
+	
+	int sendTo(const void* buffer, int length, const SocketAddress& address, int flags = 0);
+		/// Not supported by a SecureStreamSocket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+	
+	int receiveFrom(void* buffer, int length, SocketAddress& address, int flags = 0);
+		/// Not supported by a SecureStreamSocket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+	
+	void sendUrgent(unsigned char data);
+		/// Not supported by a SecureStreamSocket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+
+	int available();
+		/// Returns the number of bytes available that can be read
+		/// without causing the socket to block.
+		///
+		/// For an SSL connection, returns the number of bytes that
+		/// can be read from the currently buffered SSL record,
+		/// before a new record is read from the underlying socket.
+
+	void shutdownReceive();
+		/// Shuts down the receiving part of the socket connection.
+		///
+		/// Since SSL does not support a half shutdown, this does
+		/// nothing.
+		
+	void shutdownSend();
+		/// Shuts down the receiving part of the socket connection.
+		///
+		/// Since SSL does not support a half shutdown, this does
+		/// nothing.
+		
+	void shutdown();
+		/// Shuts down the SSL connection.
+		
+	void abort();
+		/// Aborts the connection by closing the underlying
+		/// TCP connection. No orderly SSL shutdown is performed.
+		
+	bool secure() const;
+		/// Returns true iff the socket's connection is secure
+		/// (using SSL or TLS).
+
+	void setPeerHostName(const std::string& hostName);
+		/// Sets the peer host name for certificate validation purposes.
+		
+	const std::string& getPeerHostName() const;
+		/// Returns the peer host name.
+
+	bool havePeerCertificate() const;
+		/// Returns true iff the peer has presented a
+		/// certificate.
+
+	X509Certificate peerCertificate() const;
+		/// Returns the peer's X509 certificate.
+		///
+		/// Throws a SSLException if the peer did not
+		/// present a certificate.
+		
+	Context::Ptr context() const;
+		/// Returns the SSL context used by this socket.
+
+	void setLazyHandshake(bool flag = true);
+		/// Enable lazy SSL handshake. If enabled, the SSL handshake
+		/// will be performed the first time date is sent or
+		/// received over the connection.
+		
+	bool getLazyHandshake() const;
+		/// Returns true if setLazyHandshake(true) has been called.
+
+	void verifyPeerCertificate();
+		/// Performs post-connect (or post-accept) peer certificate validation,
+		/// using the peer's IP address as host name.
+
+	void verifyPeerCertificate(const std::string& hostName);
+		/// Performs post-connect (or post-accept) peer certificate validation
+		/// using the given host name.
+
+	int completeHandshake();
+		/// Completes the SSL handshake.
+		///
+		/// If the SSL connection was the result of an accept(),
+		/// the server-side handshake is completed, otherwise
+		/// a client-side handshake is performed. 
+
+	Session::Ptr currentSession();
+		/// Returns the SSL session of the current connection,
+		/// for reuse in a future connection (if session caching
+		/// is enabled).
+		///
+		/// If no connection is established, returns null.
+		
+	void useSession(Session::Ptr pSession);
+		/// Sets the SSL session to use for the next
+		/// connection. Setting a previously saved Session
+		/// object is necessary to enable session caching.
+		///
+		/// To remove the currently set session, a null pointer
+		/// can be given.
+		///
+		/// Must be called before connect() to be effective.
+		
+	bool sessionWasReused();
+		/// Returns true iff a reused session was negotiated during
+		/// the handshake.
+		
+protected:
+	void acceptSSL();
+		/// Performs a SSL server-side handshake.
+	
+	void connectSSL();
+		/// Performs a SSL client-side handshake on an already connected TCP socket.
+	
+	~SecureStreamSocketImpl();
+		/// Destroys the SecureStreamSocketImpl.
+
+	static int lastError();
+	static void error();
+	static void error(const std::string& arg);
+	static void error(int code);
+	static void error(int code, const std::string& arg);
+
+private:
+	SecureStreamSocketImpl(const SecureStreamSocketImpl&);
+	SecureStreamSocketImpl& operator = (const SecureStreamSocketImpl&);
+
+    StreamSocketImpl * underlying_socket;
+	SecureSocketImpl _impl;
+	bool             _lazyHandshake;
+
+	friend class SecureSocketImpl;
+	friend class SecureStreamSocket;
+};
+
+
+//
+// inlines
+//
+inline const std::string& SecureStreamSocketImpl::getPeerHostName() const
+{
+	return _impl.getPeerHostName();
+}
+
+
+inline void SecureStreamSocketImpl::setPeerHostName(const std::string& peerHostName)
+{
+	_impl.setPeerHostName(peerHostName);
+}
+
+
+inline Context::Ptr SecureStreamSocketImpl::context() const
+{
+	return _impl.context();
+}
+
+
+inline Session::Ptr SecureStreamSocketImpl::currentSession()
+{
+	return _impl.currentSession();
+}
+
+	
+inline void SecureStreamSocketImpl::useSession(Session::Ptr pSession)
+{
+	_impl.useSession(pSession);
+}
+
+	
+inline bool SecureStreamSocketImpl::sessionWasReused()
+{
+	return _impl.sessionWasReused();
+}
+
+
+inline int SecureStreamSocketImpl::lastError()
+{
+	return SocketImpl::lastError();
+}
+
+
+inline void SecureStreamSocketImpl::error()
+{
+	return SocketImpl::error();
+}
+
+
+inline void SecureStreamSocketImpl::error(const std::string& arg)
+{
+	return SocketImpl::error(arg);
+}
+
+
+inline void SecureStreamSocketImpl::error(int code)
+{
+	return SocketImpl::error(code);
+}
+
+
+inline void SecureStreamSocketImpl::error(int code, const std::string& arg)
+{
+	return SocketImpl::error(code, arg);
+}
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_SecureStreamSocketImpl_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Session.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Session.h
new file mode 100644
index 0000000000..cc9b2db746
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Session.h
@@ -0,0 +1,79 @@
+//
+// Session.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  Session
+//
+// Definition of the Session class.
+//
+// Copyright (c) 2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_Session_INCLUDED
+#define NetSSL_Session_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/RefCountedObject.h"
+#include "Poco/AutoPtr.h"
+#include <openssl/ssl.h>
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API Session: public Poco::RefCountedObject
+	/// This class encapsulates a SSL session object
+	/// used with session caching on the client side.
+	///
+	/// For session caching to work, a client must
+	/// save the session object from an existing connection,
+	/// if it wants to reuse it with a future connection.
+{
+public:
+	typedef Poco::AutoPtr<Session> Ptr;
+
+	SSL_SESSION* sslSession() const;
+		/// Returns the stored OpenSSL SSL_SESSION object.
+
+protected:	
+	Session(SSL_SESSION* pSession);
+		/// Creates a new Session object, using the given
+		/// SSL_SESSION object. 
+		/// 
+		/// The SSL_SESSION's reference count is not changed.
+
+	~Session();
+		/// Destroys the Session.
+		///
+		/// Calls SSL_SESSION_free() on the stored
+		/// SSL_SESSION object.
+
+private:
+	Session();
+
+	SSL_SESSION* _pSession;
+	
+	friend class SecureSocketImpl;
+};
+
+
+//
+// inlines
+//
+inline SSL_SESSION* Session::sslSession() const
+{
+	return _pSession;
+}
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_Session_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Utility.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Utility.h
new file mode 100644
index 0000000000..b1d0073cfa
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Utility.h
@@ -0,0 +1,52 @@
+//
+// Utility.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  Utility
+//
+// Definition of the Utility class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_Utility_INCLUDED
+#define NetSSL_Utility_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/Context.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API Utility
+	/// This class provides various helper functions for working
+	/// with the OpenSSL library.
+{
+public:
+	static Context::VerificationMode convertVerificationMode(const std::string& verMode);
+		/// Non-case sensitive conversion of a string to a VerificationMode enum.
+		/// If verMode is illegal an InvalidArgumentException is thrown.
+
+	static std::string convertCertificateError(long errCode);
+		/// Converts an SSL certificate handling error code into an error message.
+
+	static std::string getLastError();
+		/// Returns the last error from the error stack
+
+	static void clearErrorStack();
+		/// Clears the error stack
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_Utility_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/VerificationErrorArgs.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/VerificationErrorArgs.h
new file mode 100644
index 0000000000..55ef897bb7
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/VerificationErrorArgs.h
@@ -0,0 +1,108 @@
+//
+// VerificationErrorArgs.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  VerificationErrorArgs
+//
+// Definition of the VerificationErrorArgs class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_VerificationErrorArgs_INCLUDED
+#define NetSSL_VerificationErrorArgs_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/X509Certificate.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API VerificationErrorArgs
+	/// A utility class for certificate error handling.
+{
+public:
+	VerificationErrorArgs(const X509Certificate& cert, int errDepth, int errNum, const std::string& errMsg);
+		/// Creates the VerificationErrorArgs. _ignoreError is per default set to false.
+
+	~VerificationErrorArgs();
+		/// Destroys the VerificationErrorArgs.
+
+	const X509Certificate& certificate() const;
+		/// Returns the certificate that caused the error.
+
+	int errorDepth() const;
+		/// Returns the position of the certificate in the certificate chain.
+
+	int errorNumber() const;
+		/// Returns the id of the error
+
+	const std::string& errorMessage() const;
+		/// Returns the textual presentation of the errorNumber.
+
+	void setIgnoreError(bool ignoreError);
+		/// setIgnoreError to true, if a verification error is judged non-fatal by the user.
+
+	bool getIgnoreError() const;
+		/// returns the value of _ignoreError
+
+private:
+	X509Certificate	_cert;
+	int             _errorDepth;
+	int             _errorNumber;
+	std::string     _errorMessage; /// Textual representation of the _errorNumber
+	bool            _ignoreError;
+};
+
+
+//
+// inlines
+//
+inline const X509Certificate& VerificationErrorArgs::certificate() const
+{
+	return _cert;
+}
+
+
+inline int VerificationErrorArgs::errorDepth() const
+{
+	return _errorDepth;
+}
+
+
+inline int VerificationErrorArgs::errorNumber() const
+{
+	return _errorNumber;
+}
+
+
+inline const std::string& VerificationErrorArgs::errorMessage() const
+{
+	return _errorMessage;
+}
+
+
+inline void VerificationErrorArgs::setIgnoreError(bool ignoreError)
+{
+	_ignoreError = ignoreError;
+}
+
+
+inline bool VerificationErrorArgs::getIgnoreError() const
+{
+	return _ignoreError;
+}
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_VerificationErrorArgs_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h
new file mode 100644
index 0000000000..a810b29457
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h
@@ -0,0 +1,102 @@
+//
+// X509Certificate.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  X509Certificate
+//
+// Definition of the X509Certificate class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_X509Certificate_INCLUDED
+#define NetSSL_X509Certificate_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/SocketDefs.h"
+#include "Poco/Crypto/X509Certificate.h"
+#include "Poco/DateTime.h"
+#include "Poco/SharedPtr.h"
+#include <set>
+
+
+namespace Poco {
+namespace Net {
+
+
+class HostEntry;
+
+
+class NetSSL_API X509Certificate: public Poco::Crypto::X509Certificate
+	/// This class extends Poco::Crypto::X509Certificate with the
+	/// feature to validate a certificate.
+{
+public:
+	explicit X509Certificate(std::istream& istr);
+		/// Creates the X509Certificate object by reading
+		/// a certificate in PEM format from a stream.
+
+	explicit X509Certificate(const std::string& path);
+		/// Creates the X509Certificate object by reading
+		/// a certificate in PEM format from a file.
+
+	explicit X509Certificate(X509* pCert);
+		/// Creates the X509Certificate from an existing
+		/// OpenSSL certificate. Ownership is taken of 
+		/// the certificate.
+
+	X509Certificate(X509* pCert, bool shared);
+		/// Creates the X509Certificate from an existing
+		/// OpenSSL certificate. Ownership is taken of 
+		/// the certificate. If shared is true, the 
+		/// certificate's reference count is incremented.
+
+	X509Certificate(const Poco::Crypto::X509Certificate& cert);
+		/// Creates the certificate by copying another one.
+
+	X509Certificate& operator = (const Poco::Crypto::X509Certificate& cert);
+		/// Assigns a certificate.
+
+	~X509Certificate();
+		/// Destroys the X509Certificate.
+
+	bool verify(const std::string& hostName) const;
+		/// Verifies the validity of the certificate against the host name.
+		///
+		/// For this check to be successful, the certificate must contain
+		/// a domain name that matches the domain name
+		/// of the host.
+		/// 
+		/// Returns true if verification succeeded, or false otherwise.
+		
+	static bool verify(const Poco::Crypto::X509Certificate& cert, const std::string& hostName);
+		/// Verifies the validity of the certificate against the host name.
+		///
+		/// For this check to be successful, the certificate must contain
+		/// a domain name that matches the domain name
+		/// of the host.
+		///
+		/// Returns true if verification succeeded, or false otherwise.
+		
+protected:
+	static bool containsWildcards(const std::string& commonName);
+	static bool matchWildcard(const std::string& alias, const std::string& hostName);
+	
+private:
+	enum
+	{
+		NAME_BUFFER_SIZE = 256
+	};
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_X509Certificate_INCLUDED
author	Devtools Arcadia <arcadia-devtools@yandex-team.ru>	2022-02-07 18:08:42 +0300
committer	Devtools Arcadia <arcadia-devtools@mous.vla.yp-c.yandex.net>	2022-02-07 18:08:42 +0300
commit	1110808a9d39d4b808aef724c861a2e1a38d2a69 (patch)
tree	e26c9fed0de5d9873cce7e00bc214573dc2195b7 /contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net
download	ydb-1110808a9d39d4b808aef724c861a2e1a38d2a69.tar.gz