intermediate changes

ref:cde9a383711a11544ce7e107a78147fb96cc4029

57 files changed, 7495 insertions, 0 deletions

diff --git a/contrib/libs/poco/NetSSL_OpenSSL/.yandex_meta/licenses.list.txt b/contrib/libs/poco/NetSSL_OpenSSL/.yandex_meta/licenses.list.txt
new file mode 100644
index 0000000000..cf73a600a6
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/.yandex_meta/licenses.list.txt
@@ -0,0 +1,64 @@
+====================BSD-3-Clause====================
+  remove advertising from BSD licensed parts
+
+
+====================BSL-1.0====================
+- Changed license to Boost license
+
+
+====================BSL-1.0====================
+// SPDX-License-Identifier:	BSL-1.0
+
+
+====================BSL-1.0====================
+Boost Software License - Version 1.0 - August 17th, 2003
+
+Permission is hereby granted, free of charge, to any person or organization
+obtaining a copy of the software and accompanying documentation covered by
+this license (the "Software") to use, reproduce, display, distribute,
+execute, and transmit the Software, and to prepare derivative works of the
+Software, and to permit third-parties to whom the Software is furnished to
+do so, all subject to the following:
+
+The copyright notices in the Software and this entire statement, including
+the above license grant, this restriction and the following disclaimer,
+must be included in all copies of the Software, in whole or in part, and
+all derivative works of the Software, unless such copies or derivative
+works are solely in the form of machine-executable object code generated by
+a source language processor.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
+SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
+FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
+---------------------------------------------------------------------------
+Note:
+Individual files contain the following tag instead of the full license text.
+
+	SPDX-License-Identifier:	BSL-1.0
+
+This enables machine processing of license information based on the SPDX
+License Identifiers that are here available: http://spdx.org/licenses/
+
+====================COPYRIGHT====================
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+
+
+====================COPYRIGHT====================
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+
+
+====================COPYRIGHT====================
+// Copyright (c) 2006-2012, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+
+
+====================COPYRIGHT====================
+// Copyright (c) 2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/AcceptCertificateHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/AcceptCertificateHandler.h
new file mode 100644
index 0000000000..2d92c629aa
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/AcceptCertificateHandler.h
@@ -0,0 +1,52 @@
+//
+// AcceptCertificateHandler.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  AcceptCertificateHandler
+//
+// Definition of the AcceptCertificateHandler class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_AcceptCertificateHandler_INCLUDED
+#define NetSSL_AcceptCertificateHandler_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/InvalidCertificateHandler.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API AcceptCertificateHandler: public InvalidCertificateHandler
+	/// A AcceptCertificateHandler is invoked whenever an error 
+	/// occurs verifying the certificate. It always accepts
+	/// the certificate.
+	///
+	/// Should be using for testing purposes only.
+{
+public:
+	AcceptCertificateHandler(bool handleErrorsOnServerSide);
+		/// Creates the AcceptCertificateHandler
+
+	virtual ~AcceptCertificateHandler();
+		/// Destroys the AcceptCertificateHandler.
+
+	void onInvalidCertificate(const void* pSender, VerificationErrorArgs& errorCert);
+		/// Receives the questionable certificate in parameter errorCert. If one wants to accept the
+		/// certificate, call errorCert.setIgnoreError(true).
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_AcceptCertificateHandler_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactory.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactory.h
new file mode 100644
index 0000000000..5e3699c3ca
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactory.h
@@ -0,0 +1,93 @@
+//
+// CertificateHandlerFactory.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  CertificateHandlerFactory
+//
+// Definition of the CertificateHandlerFactory class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_CertificateHandlerFactory_INCLUDED
+#define NetSSL_CertificateHandlerFactory_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class InvalidCertificateHandler;
+
+
+class NetSSL_API CertificateHandlerFactory
+	/// A CertificateHandlerFactory is responsible for creating InvalidCertificateHandlers.
+	///
+	/// You don't need to access this class directly. Use the macro
+	///     POCO_REGISTER_CHFACTORY(namespace, InvalidCertificateHandlerName) 
+	/// instead (see the documentation of InvalidCertificateHandler for an example).
+{
+public:
+	CertificateHandlerFactory();
+		/// Creates the CertificateHandlerFactory.
+
+	virtual ~CertificateHandlerFactory();
+		/// Destroys the CertificateHandlerFactory.
+
+	virtual InvalidCertificateHandler* create(bool server) const = 0;
+		/// Creates a new InvalidCertificateHandler. Set server to true if the certificate handler is used on the server side.
+};
+
+
+class NetSSL_API CertificateHandlerFactoryRegistrar
+	/// Registrar class which automatically registers CertificateHandlerFactory at the CertificateHandlerFactoryMgr.
+	/// You don't need to access this class directly. Use the macro
+	///     POCO_REGISTER_CHFACTORY(namespace, InvalidCertificateHandlerName) 
+	/// instead (see the documentation of InvalidCertificateHandler for an example).
+{
+public:
+	CertificateHandlerFactoryRegistrar(const std::string& name, CertificateHandlerFactory* pFactory);
+		/// Registers the CertificateHandlerFactory with the given name at the factory manager.
+
+	virtual ~CertificateHandlerFactoryRegistrar();
+		/// Destroys the CertificateHandlerFactoryRegistrar.
+};
+
+
+template <typename T>
+class CertificateHandlerFactoryImpl: public Poco::Net::CertificateHandlerFactory
+{
+public:
+	CertificateHandlerFactoryImpl()
+	{
+	}
+
+	~CertificateHandlerFactoryImpl()
+	{
+	}
+
+	InvalidCertificateHandler* create(bool server) const
+	{
+		return new T(server);
+	}
+};
+
+
+} } // namespace Poco::Net
+
+
+// DEPRECATED: register the factory directly at the FactoryMgr:
+// Poco::Net::SSLManager::instance().certificateHandlerFactoryMgr().setFactory(name, new Poco::Net::CertificateHandlerFactoryImpl<MyConsoleHandler>());
+#define POCO_REGISTER_CHFACTORY(API, PKCLS)		\
+	static Poco::Net::CertificateHandlerFactoryRegistrar aRegistrar(std::string(#PKCLS), new Poco::Net::CertificateHandlerFactoryImpl<PKCLS>());
+
+
+#endif // NetSSL_CertificateHandlerFactory_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactoryMgr.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactoryMgr.h
new file mode 100644
index 0000000000..e70c9060b6
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/CertificateHandlerFactoryMgr.h
@@ -0,0 +1,64 @@
+//
+// CertificateHandlerFactoryMgr.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  CertificateHandlerFactoryMgr
+//
+// Definition of the CertificateHandlerFactoryMgr class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_CertificateHandlerFactoryMgr_INCLUDED
+#define NetSSL_CertificateHandlerFactoryMgr_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/CertificateHandlerFactory.h"
+#include "Poco/SharedPtr.h"
+#include <map>
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API CertificateHandlerFactoryMgr
+	/// A CertificateHandlerFactoryMgr manages all existing CertificateHandlerFactories.
+{
+public:
+	typedef std::map<std::string, Poco::SharedPtr<CertificateHandlerFactory> > FactoriesMap;
+	
+	CertificateHandlerFactoryMgr();
+		/// Creates the CertificateHandlerFactoryMgr.
+
+	~CertificateHandlerFactoryMgr();
+		/// Destroys the CertificateHandlerFactoryMgr.
+
+	void setFactory(const std::string& name, CertificateHandlerFactory* pFactory);
+		/// Registers the factory. Class takes ownership of the pointer.
+		/// If a factory with the same name already exists, an exception is thrown.
+
+	bool hasFactory(const std::string& name) const;
+		/// Returns true if for the given name a factory is already registered
+	
+	const CertificateHandlerFactory* getFactory(const std::string& name) const;
+		/// Returns NULL if for the given name a factory does not exist, otherwise the factory is returned
+
+	void removeFactory(const std::string& name);
+		/// Removes the factory from the manager. 
+
+private:
+	FactoriesMap _factories;
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_CertificateHandlerFactoryMgr_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/ConsoleCertificateHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/ConsoleCertificateHandler.h
new file mode 100644
index 0000000000..c58962c476
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/ConsoleCertificateHandler.h
@@ -0,0 +1,50 @@
+//
+// ConsoleCertificateHandler.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  ConsoleCertificateHandler
+//
+// Definition of the ConsoleCertificateHandler class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_ConsoleCertificateHandler_INCLUDED
+#define NetSSL_ConsoleCertificateHandler_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/InvalidCertificateHandler.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API ConsoleCertificateHandler: public InvalidCertificateHandler
+	/// A ConsoleCertificateHandler is invoked whenever an error occurs verifying the certificate.
+	/// 
+	/// The certificate is printed to stdout and the user is asked via console if he wants to accept it.
+{
+public:
+	ConsoleCertificateHandler(bool handleErrorsOnServerSide);
+		/// Creates the ConsoleCertificateHandler.
+
+	virtual ~ConsoleCertificateHandler();
+		/// Destroys the ConsoleCertificateHandler.
+
+	void onInvalidCertificate(const void* pSender, VerificationErrorArgs& errorCert);
+		/// Prints the certificate to stdout and waits for user input on the console
+		/// to decide if a certificate should be accepted/rejected.
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_ConsoleCertificateHandler_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Context.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Context.h
new file mode 100644
index 0000000000..d66328380d
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Context.h
@@ -0,0 +1,405 @@
+//
+// Context.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  Context
+//
+// Definition of the Context class.
+//
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_Context_INCLUDED
+#define NetSSL_Context_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/SocketDefs.h"
+#include "Poco/Crypto/X509Certificate.h"
+#include "Poco/Crypto/RSAKey.h"
+#include "Poco/RefCountedObject.h"
+#include "Poco/AutoPtr.h"
+#include <openssl/ssl.h>
+#include <cstdlib>
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API Context: public Poco::RefCountedObject
+	/// This class encapsulates context information for
+	/// an SSL server or client, such as the certificate
+	/// verification mode and the location of certificates
+	/// and private key files, as well as the list of
+	/// supported ciphers.
+	///
+	/// The Context class is also used to control
+	/// SSL session caching on the server and client side.
+{
+public:
+	typedef Poco::AutoPtr<Context> Ptr;
+
+	enum Usage
+	{
+		CLIENT_USE, 	    /// Context is used by a client.
+		SERVER_USE,         /// Context is used by a server.
+		TLSV1_CLIENT_USE,   /// Context is used by a client requiring TLSv1.
+		TLSV1_SERVER_USE,   /// Context is used by a server requiring TLSv1.
+		TLSV1_1_CLIENT_USE, /// Context is used by a client requiring TLSv1.1 (OpenSSL 1.0.0 or newer).
+		TLSV1_1_SERVER_USE, /// Context is used by a server requiring TLSv1.1 (OpenSSL 1.0.0 or newer).
+		TLSV1_2_CLIENT_USE, /// Context is used by a client requiring TLSv1.2 (OpenSSL 1.0.1 or newer).
+		TLSV1_2_SERVER_USE  /// Context is used by a server requiring TLSv1.2 (OpenSSL 1.0.1 or newer).
+	};
+
+	enum VerificationMode
+	{
+		VERIFY_NONE    = SSL_VERIFY_NONE,
+			/// Server: The server will not send a client certificate
+			/// request to the client, so the client will not send a certificate.
+			///
+			/// Client: If not using an anonymous cipher (by default disabled),
+			/// the server will send a certificate which will be checked, but
+			/// the result of the check will be ignored.
+
+		VERIFY_RELAXED = SSL_VERIFY_PEER,
+			/// Server: The server sends a client certificate request to the
+			/// client. The certificate returned (if any) is checked.
+			/// If the verification process fails, the TLS/SSL handshake is
+			/// immediately terminated with an alert message containing the
+			/// reason for the verification failure.
+			///
+			/// Client: The server certificate is verified, if one is provided.
+			/// If the verification process fails, the TLS/SSL handshake is
+			/// immediately terminated with an alert message containing the
+			/// reason for the verification failure.
+
+		VERIFY_STRICT  = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+			/// Server: If the client did not return a certificate, the TLS/SSL
+			/// handshake is immediately terminated with a handshake failure
+			/// alert.
+			///
+			/// Client: Same as VERIFY_RELAXED.
+
+		VERIFY_ONCE    = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE
+			/// Server: Only request a client certificate on the initial
+			/// TLS/SSL handshake. Do not ask for a client certificate
+			/// again in case of a renegotiation.
+			///
+			/// Client: Same as VERIFY_RELAXED.
+	};
+
+	enum Protocols
+	{
+		PROTO_SSLV2   = 0x01,
+		PROTO_SSLV3   = 0x02,
+		PROTO_TLSV1   = 0x04,
+		PROTO_TLSV1_1 = 0x08,
+		PROTO_TLSV1_2 = 0x10
+	};
+
+	struct NetSSL_API Params
+	{
+		Params();
+			/// Initializes the struct with default values.
+
+		std::string privateKeyFile;
+			/// Path to the private key file used for encryption.
+			/// Can be empty if no private key file is used.
+
+		std::string certificateFile;
+			/// Path to the certificate file (in PEM format).
+			/// If the private key and the certificate are stored in the same file, this
+			/// can be empty if privateKeyFile is given.
+
+		std::string caLocation;
+			/// Path to the file or directory containing the CA/root certificates.
+			/// Can be empty if the OpenSSL builtin CA certificates
+			/// are used (see loadDefaultCAs).
+
+		VerificationMode verificationMode;
+			/// Specifies whether and how peer certificates are validated.
+			/// Defaults to VERIFY_RELAXED.
+
+		int verificationDepth;
+			/// Sets the upper limit for verification chain sizes. Verification
+			/// will fail if a certificate chain larger than this is encountered.
+			/// Defaults to 9.
+
+		bool loadDefaultCAs;
+			/// Specifies whether the builtin CA certificates from OpenSSL are used.
+			/// Defaults to false.
+
+		std::string cipherList;
+			/// Specifies the supported ciphers in OpenSSL notation.
+			/// Defaults to "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH".
+
+		std::string dhParamsFile;
+			/// Specifies a file containing Diffie-Hellman parameters.
+			/// If empty, the default parameters are used.
+
+		std::string ecdhCurve;
+			/// Specifies the name of the curve to use for ECDH, based
+			/// on the curve names specified in RFC 4492.
+			/// Defaults to "prime256v1".
+	};
+
+	Context(Usage usage, const Params& params);
+		/// Creates a Context using the given parameters.
+		///
+		///   * usage specifies whether the context is used by a client or server.
+		///   * params specifies the context parameters.
+
+	Context(
+		Usage usage,
+		const std::string& privateKeyFile,
+		const std::string& certificateFile,
+		const std::string& caLocation,
+		VerificationMode verificationMode = VERIFY_RELAXED,
+		int verificationDepth = 9,
+		bool loadDefaultCAs = false,
+		const std::string& cipherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
+		/// Creates a Context.
+		///
+		///   * usage specifies whether the context is used by a client or server.
+		///   * privateKeyFile contains the path to the private key file used for encryption.
+		///     Can be empty if no private key file is used.
+		///   * certificateFile contains the path to the certificate file (in PEM format).
+		///     If the private key and the certificate are stored in the same file, this
+		///     can be empty if privateKeyFile is given.
+		///   * caLocation contains the path to the file or directory containing the
+		///     CA/root certificates. Can be empty if the OpenSSL builtin CA certificates
+		///     are used (see loadDefaultCAs).
+		///   * verificationMode specifies whether and how peer certificates are validated.
+		///   * verificationDepth sets the upper limit for verification chain sizes. Verification
+		///     will fail if a certificate chain larger than this is encountered.
+		///   * loadDefaultCAs specifies whether the builtin CA certificates from OpenSSL are used.
+		///   * cipherList specifies the supported ciphers in OpenSSL notation.
+		///
+		/// Note: If the private key is protected by a passphrase, a PrivateKeyPassphraseHandler
+		/// must have been setup with the SSLManager, or the SSLManager's PrivateKeyPassphraseRequired
+		/// event must be handled.
+
+	Context(
+		Usage usage,
+		const std::string& caLocation,
+		VerificationMode verificationMode = VERIFY_RELAXED,
+		int verificationDepth = 9,
+		bool loadDefaultCAs = false,
+		const std::string& cipherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
+		/// Creates a Context.
+		///
+		///   * usage specifies whether the context is used by a client or server.
+		///   * caLocation contains the path to the file or directory containing the
+		///     CA/root certificates. Can be empty if the OpenSSL builtin CA certificates
+		///     are used (see loadDefaultCAs).
+		///   * verificationMode specifies whether and how peer certificates are validated.
+		///   * verificationDepth sets the upper limit for verification chain sizes. Verification
+		///     will fail if a certificate chain larger than this is encountered.
+		///   * loadDefaultCAs specifies whether the builtin CA certificates from OpenSSL are used.
+		///   * cipherList specifies the supported ciphers in OpenSSL notation.
+		///
+		/// Note that a private key and/or certificate must be specified with
+		/// usePrivateKey()/useCertificate() before the Context can be used.
+
+	~Context();
+		/// Destroys the Context.
+
+	void useCertificate(const Poco::Crypto::X509Certificate& certificate);
+		/// Sets the certificate to be used by the Context.
+		///
+		/// To set-up a complete certificate chain, it might be
+		/// necessary to call addChainCertificate() to specify
+		/// additional certificates.
+		///
+		/// Note that useCertificate() must always be called before
+		/// usePrivateKey().
+
+	void addChainCertificate(const Poco::Crypto::X509Certificate& certificate);
+		/// Adds a certificate for certificate chain validation.
+
+	void addCertificateAuthority(const Poco::Crypto::X509Certificate& certificate);
+		/// Add one trusted certification authority to be used by the Context.
+
+	void usePrivateKey(const Poco::Crypto::RSAKey& key);
+		/// Sets the private key to be used by the Context.
+		///
+		/// Note that useCertificate() must always be called before
+		/// usePrivateKey().
+		///
+		/// Note: If the private key is protected by a passphrase, a PrivateKeyPassphraseHandler
+		/// must have been setup with the SSLManager, or the SSLManager's PrivateKeyPassphraseRequired
+		/// event must be handled.
+
+	SSL_CTX* sslContext() const;
+		/// Returns the underlying OpenSSL SSL Context object.
+
+	Usage usage() const;
+		/// Returns whether the context is for use by a client or by a server
+		/// and whether TLSv1 is required.
+
+	bool isForServerUse() const;
+		/// Returns true iff the context is for use by a server.
+
+	Context::VerificationMode verificationMode() const;
+		/// Returns the verification mode.
+
+	void enableSessionCache(bool flag = true);
+		/// Enable or disable SSL/TLS session caching.
+		/// For session caching to work, it must be enabled
+		/// on the server, as well as on the client side.
+		///
+		/// The default is disabled session caching.
+		///
+		/// To enable session caching on the server side, use the
+		/// two-argument version of this method to specify
+		/// a session ID context.
+
+	void enableSessionCache(bool flag, const std::string& sessionIdContext);
+		/// Enables or disables SSL/TLS session caching on the server.
+		/// For session caching to work, it must be enabled
+		/// on the server, as well as on the client side.
+		///
+		/// SessionIdContext contains the application's unique
+		/// session ID context, which becomes part of each
+		/// session identifier generated by the server within this
+		/// context. SessionIdContext can be an arbitrary sequence
+		/// of bytes with a maximum length of SSL_MAX_SSL_SESSION_ID_LENGTH.
+		///
+		/// A non-empty sessionIdContext should be specified even if
+		/// session caching is disabled to avoid problems with clients
+		/// requesting to reuse a session (e.g. Firefox 3.6).
+		///
+		/// This method may only be called on SERVER_USE Context objects.
+
+	bool sessionCacheEnabled() const;
+		/// Returns true iff the session cache is enabled.
+
+	void setSessionCacheSize(std::size_t size);
+		/// Sets the maximum size of the server session cache, in number of
+		/// sessions. The default size (according to OpenSSL documentation)
+		/// is 1024*20, which may be too large for many applications,
+		/// especially on embedded platforms with limited memory.
+		///
+		/// Specifying a size of 0 will set an unlimited cache size.
+		///
+		/// This method may only be called on SERVER_USE Context objects.
+
+	std::size_t getSessionCacheSize() const;
+		/// Returns the current maximum size of the server session cache.
+		///
+		/// This method may only be called on SERVER_USE Context objects.
+
+	void setSessionTimeout(long seconds);
+		/// Sets the timeout (in seconds) of cached sessions on the server.
+		/// A cached session will be removed from the cache if it has
+		/// not been used for the given number of seconds.
+		///
+		/// This method may only be called on SERVER_USE Context objects.
+
+	long getSessionTimeout() const;
+		/// Returns the timeout (in seconds) of cached sessions on the server.
+		///
+		/// This method may only be called on SERVER_USE Context objects.
+
+	void flushSessionCache();
+		/// Flushes the SSL session cache on the server.
+		///
+		/// This method may only be called on SERVER_USE Context objects.
+
+	void enableExtendedCertificateVerification(bool flag = true);
+		/// Enable or disable the automatic post-connection
+		/// extended certificate verification.
+		///
+		/// See X509Certificate::verify() for more information.
+
+	bool extendedCertificateVerificationEnabled() const;
+		/// Returns true iff automatic extended certificate
+		/// verification is enabled.
+
+	void disableStatelessSessionResumption();
+		/// Newer versions of OpenSSL support RFC 4507 tickets for stateless
+		/// session resumption.
+		///
+		/// The feature can be disabled by calling this method.
+
+	void disableProtocols(int protocols);
+		/// Disables the given protocols.
+		///
+		/// The protocols to be disabled are specified by OR-ing
+		/// values from the Protocols enumeration, e.g.:
+		///
+		///   context.disableProtocols(PROTO_SSLV2 | PROTO_SSLV3);
+
+	void preferServerCiphers();
+		/// When choosing a cipher, use the server's preferences instead of the client
+		/// preferences. When not called, the SSL server will always follow the clients
+		/// preferences. When called, the SSL/TLS server will choose following its own
+		/// preferences.
+
+private:
+	void init(const Params& params);
+		/// Initializes the Context with the given parameters.
+
+	void initDH(const std::string& dhFile);
+		/// Initializes the Context with Diffie-Hellman parameters.
+
+	void initECDH(const std::string& curve);
+		/// Initializes the Context with Elliptic-Curve Diffie-Hellman key
+		/// exchange curve parameters.
+
+	void createSSLContext();
+		/// Create a SSL_CTX object according to Context configuration.
+
+	Usage _usage;
+	VerificationMode _mode;
+	SSL_CTX* _pSSLContext;
+	bool _extendedCertificateVerification;
+};
+
+
+//
+// inlines
+//
+inline Context::Usage Context::usage() const
+{
+	return _usage;
+}
+
+
+inline bool Context::isForServerUse() const
+{
+	return _usage == SERVER_USE
+		|| _usage == TLSV1_SERVER_USE
+		|| _usage == TLSV1_1_SERVER_USE
+		|| _usage == TLSV1_2_SERVER_USE;
+}
+
+
+inline Context::VerificationMode Context::verificationMode() const
+{
+	return _mode;
+}
+
+
+inline SSL_CTX* Context::sslContext() const
+{
+	return _pSSLContext;
+}
+
+
+inline bool Context::extendedCertificateVerificationEnabled() const
+{
+	return _extendedCertificateVerification;
+}
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_Context_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSClientSession.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSClientSession.h
new file mode 100644
index 0000000000..ff0d89994c
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSClientSession.h
@@ -0,0 +1,165 @@
+//
+// HTTPSClientSession.h
+//
+// Library: NetSSL_OpenSSL
+// Package: HTTPSClient
+// Module:  HTTPSClientSession
+//
+// Definition of the HTTPSClientSession class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_HTTPSClientSession_INCLUDED
+#define NetSSL_HTTPSClientSession_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/Utility.h"
+#include "Poco/Net/HTTPClientSession.h"
+#include "Poco/Net/Context.h"
+#include "Poco/Net/Session.h"
+#include "Poco/Net/X509Certificate.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class SecureStreamSocket;
+class HTTPRequest;
+class HTTPResponse;
+
+
+class NetSSL_API HTTPSClientSession: public HTTPClientSession
+	/// This class implements the client-side of
+	/// a HTTPS session.
+	///
+	/// To send a HTTPS request to a HTTPS server, first
+	/// instantiate a HTTPSClientSession object and
+	/// specify the server's host name and port number.
+	///
+	/// Then create a HTTPRequest object, fill it accordingly,
+	/// and pass it as argument to the sendRequest() method.
+	///
+	/// sendRequest() will return an output stream that can
+	/// be used to send the request body, if there is any.
+	///
+	/// After you are done sending the request body, create
+	/// a HTTPResponse object and pass it to receiveResponse().
+	///
+	/// This will return an input stream that can be used to
+	/// read the response body.
+	///
+	/// See RFC 2616 <http://www.faqs.org/rfcs/rfc2616.html> for more
+	/// information about the HTTP protocol.
+	///
+	/// Note that sending requests that neither contain a content length
+	/// field in the header nor are using chunked transfer encoding will
+	/// result in a SSL protocol violation, as the framework shuts down
+	/// the socket after sending the message body. No orderly SSL shutdown
+	/// will be performed in this case.
+	///
+	/// If session caching has been enabled for the Context object passed
+	/// to the HTTPSClientSession, the HTTPSClientSession class will
+	/// attempt to reuse a previously obtained Session object in
+	/// case of a reconnect.
+{
+public:
+	enum
+	{
+		HTTPS_PORT = 443
+	};
+	
+	HTTPSClientSession();
+		/// Creates an unconnected HTTPSClientSession.
+
+	explicit HTTPSClientSession(const SecureStreamSocket& socket);
+		/// Creates a HTTPSClientSession using the given socket.
+		/// The socket must not be connected. The session
+		/// takes ownership of the socket.
+
+	HTTPSClientSession(const SecureStreamSocket& socket, Session::Ptr pSession);
+		/// Creates a HTTPSClientSession using the given socket.
+		/// The socket must not be connected. The session
+		/// takes ownership of the socket.
+		///
+		/// The given Session is reused, if possible (client session
+		/// caching is enabled for the given Context, and the server
+		/// agrees to reuse the session).
+
+	HTTPSClientSession(const std::string& host, Poco::UInt16 port = HTTPS_PORT);
+		/// Creates a HTTPSClientSession using the given host and port.
+
+	explicit HTTPSClientSession(Context::Ptr pContext);
+		/// Creates an unconnected HTTPSClientSession, using the
+		/// give SSL context.
+
+	HTTPSClientSession(Context::Ptr pContext, Session::Ptr pSession);
+		/// Creates an unconnected HTTPSClientSession, using the
+		/// give SSL context.
+		///
+		/// The given Session is reused, if possible (client session
+		/// caching is enabled for the given Context, and the server
+		/// agrees to reuse the session).
+
+	HTTPSClientSession(const std::string& host, Poco::UInt16 port, Context::Ptr pContext);
+		/// Creates a HTTPSClientSession using the given host and port,
+		/// using the given SSL context.
+
+	HTTPSClientSession(const std::string& host, Poco::UInt16 port, Context::Ptr pContext, Session::Ptr pSession);
+		/// Creates a HTTPSClientSession using the given host and port,
+		/// using the given SSL context.
+		///
+		/// The given Session is reused, if possible (client session
+		/// caching is enabled for the given Context, and the server
+		/// agrees to reuse the session).
+
+	~HTTPSClientSession();
+		/// Destroys the HTTPSClientSession and closes
+		/// the underlying socket.
+	
+	bool secure() const;
+		/// Return true iff the session uses SSL or TLS,
+		/// or false otherwise.
+		
+	X509Certificate serverCertificate();
+		/// Returns the server's certificate.
+		///
+		/// The certificate is available after the first request has been sent.
+		
+	Session::Ptr sslSession();
+		/// Returns the SSL Session object for the current 
+		/// connection, if session caching has been enabled for
+		/// the HTTPSClientSession's Context. A null pointer is 
+		/// returned otherwise.
+		///
+		/// The Session object can be obtained after the first request has
+		/// been sent.
+		
+	// HTTPSession
+	void abort();
+
+protected:
+	void connect(const SocketAddress& address);
+	std::string proxyRequestPrefix() const;
+	void proxyAuthenticate(HTTPRequest& request);
+	int read(char* buffer, std::streamsize length);
+
+private:
+	HTTPSClientSession(const HTTPSClientSession&);
+	HTTPSClientSession& operator = (const HTTPSClientSession&);
+	
+	Context::Ptr _pContext;
+	Session::Ptr _pSession;
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // Net_HTTPSClientSession_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSSessionInstantiator.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSSessionInstantiator.h
new file mode 100644
index 0000000000..214e2819b6
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSSessionInstantiator.h
@@ -0,0 +1,65 @@
+//
+// HTTPSSessionInstantiator.h
+//
+// Library: NetSSL_OpenSSL
+// Package: HTTPSClient
+// Module:  HTTPSSessionInstantiator
+//
+// Definition of the HTTPSSessionInstantiator class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef Net_HTTPSSessionInstantiator_INCLUDED
+#define Net_HTTPSSessionInstantiator_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/Context.h"
+#include "Poco/Net/Utility.h"
+#include "Poco/Net/HTTPSessionInstantiator.h"
+#include "Poco/URI.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API HTTPSSessionInstantiator: public HTTPSessionInstantiator
+	/// The HTTPSessionInstantiator for HTTPSClientSession.
+{
+public:
+	HTTPSSessionInstantiator();
+		/// Creates the HTTPSSessionInstantiator.
+
+	HTTPSSessionInstantiator(Context::Ptr pContext);
+		/// Creates the HTTPSSessionInstantiator using the given SSL context.
+
+	~HTTPSSessionInstantiator();
+		/// Destroys the HTTPSSessionInstantiator.
+
+	HTTPClientSession* createClientSession(const Poco::URI& uri);
+		/// Creates a HTTPSClientSession for the given URI.
+
+	static void registerInstantiator();
+		/// Registers the instantiator with the global HTTPSessionFactory.
+
+	static void registerInstantiator(Context::Ptr pContext);
+		/// Registers the instantiator with the global HTTPSessionFactory using the given SSL context.
+
+	static void unregisterInstantiator();
+		/// Unregisters the factory with the global HTTPSessionFactory.
+
+private:
+	Context::Ptr _pContext;
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // Net_HTTPSSessionInstantiator_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSStreamFactory.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSStreamFactory.h
new file mode 100644
index 0000000000..2fd3515c88
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/HTTPSStreamFactory.h
@@ -0,0 +1,83 @@
+//
+// HTTPSStreamFactory.h
+//
+// Library: NetSSL_OpenSSL
+// Package: HTTPSClient
+// Module:  HTTPSStreamFactory
+//
+// Definition of the HTTPSStreamFactory class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_HTTPSStreamFactory_INCLUDED
+#define NetSSL_HTTPSStreamFactory_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/HTTPSession.h"
+#include "Poco/URIStreamFactory.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API HTTPSStreamFactory: public Poco::URIStreamFactory
+	/// An implementation of the URIStreamFactory interface
+	/// that handles secure Hyper-Text Transfer Protocol (https) URIs.
+{
+public:
+	HTTPSStreamFactory();
+		/// Creates the HTTPSStreamFactory.
+
+	HTTPSStreamFactory(const std::string& proxyHost, Poco::UInt16 proxyPort = HTTPSession::HTTP_PORT);
+		/// Creates the HTTPSStreamFactory.
+		///
+		/// HTTPS connections will use the given proxy.
+
+	HTTPSStreamFactory(const std::string& proxyHost, Poco::UInt16 proxyPort, const std::string& proxyUsername, const std::string& proxyPassword);
+		/// Creates the HTTPSStreamFactory.
+		///
+		/// HTTPS connections will use the given proxy and
+		/// will be authorized against the proxy using Basic authentication
+		/// with the given proxyUsername and proxyPassword.
+
+	~HTTPSStreamFactory();
+		/// Destroys the HTTPSStreamFactory.
+		
+	std::istream* open(const Poco::URI& uri);
+		/// Creates and opens a HTTPS stream for the given URI.
+		/// The URI must be a https://... URI.
+		///
+		/// Throws a NetException if anything goes wrong.
+		
+	static void registerFactory();
+		/// Registers the HTTPSStreamFactory with the
+		/// default URIStreamOpener instance.	
+
+	static void unregisterFactory();
+		/// Unregisters the HTTPSStreamFactory with the
+		/// default URIStreamOpener instance.	
+		
+private:
+	enum
+	{
+		MAX_REDIRECTS = 10
+	};
+	
+	std::string  _proxyHost;
+	Poco::UInt16 _proxyPort;
+	std::string  _proxyUsername;
+	std::string  _proxyPassword;
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // Net_HTTPSStreamFactory_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/InvalidCertificateHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/InvalidCertificateHandler.h
new file mode 100644
index 0000000000..e10faf3cdb
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/InvalidCertificateHandler.h
@@ -0,0 +1,80 @@
+//
+// InvalidCertificateHandler.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  InvalidCertificateHandler
+//
+// Definition of the InvalidCertificateHandler class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_InvalidCertificateHandler_INCLUDED
+#define NetSSL_InvalidCertificateHandler_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/VerificationErrorArgs.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API InvalidCertificateHandler
+	/// A InvalidCertificateHandler is invoked whenever an error occurs verifying the certificate. It allows the user
+	/// to inspect and accept/reject the certificate.
+	/// One can install one's own InvalidCertificateHandler by implementing this interface. Note that
+	/// in the implementation file of the subclass the following code must be present (assuming you use the namespace My_API 
+	/// and the name of your handler class is MyGuiHandler):
+	///    
+	///    #include "Poco/Net/CertificateHandlerFactory.h"
+	///    ...
+	///    POCO_REGISTER_CHFACTORY(My_API, MyGuiHandler)
+	///
+	/// One can either set the handler directly in the startup code of the main method of ones application by calling
+	///
+	///    SSLManager::instance().initialize(mypassphraseHandler, myguiHandler, mySSLContext)
+	///
+	/// or in case one uses Poco::Util::Application one can rely on an XML configuration and put the following entry
+	/// under the path openSSL.invalidCertificateHandler:
+	///    
+	///    <invalidCertificateHandler>
+	///        <name>MyGuiHandler<name>
+	///        <options>
+	///            [...] // Put optional config params for the handler here
+	///        </options>
+	///    </invalidCertificateHandler>
+	///
+	/// Note that the name of the InvalidCertificateHandler must be same as the one provided to the POCO_REGISTER_CHFACTORY macro.
+{
+public:
+	InvalidCertificateHandler(bool handleErrorsOnServerSide);
+		/// Creates the InvalidCertificateHandler.
+		/// 
+		/// Set handleErrorsOnServerSide to true if the certificate handler is used on the server side.
+		/// Automatically registers at one of the SSLManager::VerificationError events.
+
+	virtual ~InvalidCertificateHandler();
+		/// Destroys the InvalidCertificateHandler.
+
+	virtual void onInvalidCertificate(const void* pSender, VerificationErrorArgs& errorCert) = 0;
+		/// Receives the questionable certificate in parameter errorCert. If one wants to accept the
+		/// certificate, call errorCert.setIgnoreError(true).
+
+protected:
+	bool _handleErrorsOnServerSide;
+		/// Stores if the certificate handler gets invoked by the server (i.e. a client certificate is wrong)
+		/// or the client (a server certificate is wrong)
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_InvalidCertificateHandler_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyConsoleHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyConsoleHandler.h
new file mode 100644
index 0000000000..d9483d78e0
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyConsoleHandler.h
@@ -0,0 +1,47 @@
+//
+// KeyConsoleHandler.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  KeyConsoleHandler
+//
+// Definition of the KeyConsoleHandler class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_KeyConsoleHandler_INCLUDED
+#define NetSSL_KeyConsoleHandler_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/PrivateKeyPassphraseHandler.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API KeyConsoleHandler: public PrivateKeyPassphraseHandler
+	/// An implementation of PrivateKeyPassphraseHandler that
+	/// reads the key for a certificate from the console.
+{
+public:
+	KeyConsoleHandler(bool server);
+		/// Creates the KeyConsoleHandler.
+
+	~KeyConsoleHandler();
+		/// Destroys the KeyConsoleHandler.
+
+	void onPrivateKeyRequested(const void* pSender, std::string& privateKey);
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_KeyConsoleHandler_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyFileHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyFileHandler.h
new file mode 100644
index 0000000000..274cdbff59
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/KeyFileHandler.h
@@ -0,0 +1,51 @@
+//
+// KeyFileHandler.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  KeyFileHandler
+//
+// Definition of the KeyFileHandler class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_KeyFileHandler_INCLUDED
+#define NetSSL_KeyFileHandler_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/PrivateKeyPassphraseHandler.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API KeyFileHandler: public PrivateKeyPassphraseHandler
+	/// An implementation of PrivateKeyPassphraseHandler that 
+	/// reads the key for a certificate from a configuration file
+	/// under the path "openSSL.privateKeyPassphraseHandler.options.password".
+{
+public:
+	KeyFileHandler(bool server);
+		/// Creates the KeyFileHandler.
+
+	virtual ~KeyFileHandler();
+		/// Destroys the KeyFileHandler.
+
+	void onPrivateKeyRequested(const void* pSender, std::string& privateKey);
+
+private:
+	static const std::string CFG_PRIV_KEY_FILE;
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_KeyFileHandler_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/NetSSL.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/NetSSL.h
new file mode 100644
index 0000000000..ae793fde93
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/NetSSL.h
@@ -0,0 +1,94 @@
+//
+// NetSSL.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  OpenSSL
+//
+// Basic definitions for the Poco OpenSSL library.
+// This file must be the first file included by every other OpenSSL
+// header file.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_NetSSL_INCLUDED
+#define NetSSL_NetSSL_INCLUDED
+
+
+#include "Poco/Net/Net.h"
+#include "Poco/Crypto/Crypto.h"
+
+
+//
+// The following block is the standard way of creating macros which make exporting
+// from a DLL simpler. All files within this DLL are compiled with the NetSSL_EXPORTS
+// symbol defined on the command line. this symbol should not be defined on any project
+// that uses this DLL. This way any other project whose source files include this file see
+// NetSSL_API functions as being imported from a DLL, wheras this DLL sees symbols
+// defined with this macro as being exported.
+//
+#if (defined(_WIN32) || defined(__CYGWIN__)) && defined(POCO_DLL)
+	#if defined(NetSSL_EXPORTS)
+		#define NetSSL_API __declspec(dllexport)
+	#else
+		#define NetSSL_API __declspec(dllimport)
+	#endif
+#endif
+
+
+#if !defined(NetSSL_API)
+	#if !defined(POCO_NO_GCC_API_ATTRIBUTE) && defined (__GNUC__) && (__GNUC__ >= 4)
+		#define NetSSL_API __attribute__ ((visibility ("default")))
+	#else
+		#define NetSSL_API
+	#endif
+#endif
+
+
+//
+// Automatically link NetSSL and OpenSSL libraries.
+//
+#if defined(_MSC_VER)
+	#if !defined(POCO_NO_AUTOMATIC_LIBS)
+		#if !defined(NetSSL_EXPORTS)
+			#pragma comment(lib, "PocoNetSSL" POCO_LIB_SUFFIX)
+		#endif
+	#endif // POCO_NO_AUTOMATIC_LIBS
+#endif
+
+
+namespace Poco {
+namespace Net {
+
+
+void NetSSL_API initializeSSL();
+	/// Initialize the NetSSL library, as well as the underlying OpenSSL
+	/// libraries, by calling Poco::Crypto::OpenSSLInitializer::initialize().
+	///
+	/// Should be called before using any class from the NetSSL library.
+	/// The NetSSL will be initialized automatically, through 
+	/// Poco::Crypto::OpenSSLInitializer instances or similar mechanisms
+	/// when creating Context or SSLManager instances.
+	/// However, it is recommended to call initializeSSL()
+	/// in any case at application startup.
+	///
+	/// Can be called multiple times; however, for every call to
+	/// initializeSSL(), a matching call to uninitializeSSL()
+	/// must be performed.
+	
+
+void NetSSL_API uninitializeSSL();
+	/// Uninitializes the NetSSL library by calling 
+	/// Poco::Crypto::OpenSSLInitializer::uninitialize() and
+	/// shutting down the SSLManager.
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_NetSSL_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactory.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactory.h
new file mode 100644
index 0000000000..9c0fa37faa
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactory.h
@@ -0,0 +1,95 @@
+//
+// PrivateKeyFactory.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  PrivateKeyFactory
+//
+// Definition of the PrivateKeyFactory class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_PrivateKeyFactory_INCLUDED
+#define NetSSL_PrivateKeyFactory_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class PrivateKeyPassphraseHandler;
+
+
+class NetSSL_API PrivateKeyFactory
+	/// A PrivateKeyFactory is responsible for creating PrivateKeyPassphraseHandlers.
+	///
+	/// You don't need to access this class directly. Use the macro
+	///     POCO_REGISTER_KEYFACTORY(namespace, PrivateKeyPassphraseHandlerName) 
+	/// instead (see the documentation of PrivateKeyPassphraseHandler for an example).
+{
+public:
+	PrivateKeyFactory();
+		/// Creates the PrivateKeyFactory.
+
+	virtual ~PrivateKeyFactory();
+		/// Destroys the PrivateKeyFactory.
+
+	virtual PrivateKeyPassphraseHandler* create(bool onServer) const = 0;
+		/// Creates a new PrivateKeyPassphraseHandler
+};
+
+
+class NetSSL_API PrivateKeyFactoryRegistrar
+	/// Registrar class which automatically registers PrivateKeyFactories at the PrivateKeyFactoryMgr.
+	///
+	/// You don't need to access this class directly. Use the macro
+	///     POCO_REGISTER_KEYFACTORY(namespace, PrivateKeyPassphraseHandlerName) 
+	/// instead (see the documentation of PrivateKeyPassphraseHandler for an example).
+
+{
+public:
+	PrivateKeyFactoryRegistrar(const std::string& name, PrivateKeyFactory* pFactory);
+		/// Registers the PrivateKeyFactory with the given name at the factory manager.
+
+	virtual ~PrivateKeyFactoryRegistrar();
+		/// Destroys the PrivateKeyFactoryRegistrar.
+};
+
+
+template<typename T>
+class PrivateKeyFactoryImpl: public Poco::Net::PrivateKeyFactory
+{
+public:
+	PrivateKeyFactoryImpl()
+	{
+	}
+
+	~PrivateKeyFactoryImpl()
+	{
+	}
+
+	PrivateKeyPassphraseHandler* create(bool server) const
+	{
+		return new T(server);
+	}
+};
+
+
+} } // namespace Poco::Net
+
+
+// DEPRECATED: register the factory directly at the FactoryMgr:
+// Poco::Net::SSLManager::instance().privateKeyFactoryMgr().setFactory(name, new Poco::Net::PrivateKeyFactoryImpl<MyKeyHandler>());
+#define POCO_REGISTER_KEYFACTORY(API, PKCLS)	\
+	static Poco::Net::PrivateKeyFactoryRegistrar aRegistrar(std::string(#PKCLS), new Poco::Net::PrivateKeyFactoryImpl<PKCLS>());
+
+
+#endif // NetSSL_PrivateKeyFactory_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactoryMgr.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactoryMgr.h
new file mode 100644
index 0000000000..b29b37f46a
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyFactoryMgr.h
@@ -0,0 +1,64 @@
+//
+// PrivateKeyFactoryMgr.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  PrivateKeyFactoryMgr
+//
+// Definition of the PrivateKeyFactoryMgr class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_PrivateKeyFactoryMgr_INCLUDED
+#define NetSSL_PrivateKeyFactoryMgr_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/PrivateKeyFactory.h"
+#include "Poco/SharedPtr.h"
+#include <map>
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API PrivateKeyFactoryMgr
+	/// A PrivateKeyFactoryMgr manages all existing PrivateKeyFactories.
+{
+public:
+	typedef std::map<std::string, Poco::SharedPtr<PrivateKeyFactory> > FactoriesMap;
+	
+	PrivateKeyFactoryMgr();
+		/// Creates the PrivateKeyFactoryMgr.
+
+	~PrivateKeyFactoryMgr();
+		/// Destroys the PrivateKeyFactoryMgr.
+
+	void setFactory(const std::string& name, PrivateKeyFactory* pFactory);
+		/// Registers the factory. Class takes ownership of the pointer.
+		/// If a factory with the same name already exists, an exception is thrown.
+
+	bool hasFactory(const std::string& name) const;
+		/// Returns true if for the given name a factory is already registered
+	
+	const PrivateKeyFactory* getFactory(const std::string& name) const;
+		/// Returns NULL if for the given name a factory does not exist, otherwise the factory is returned
+
+	void removeFactory(const std::string& name);
+		/// Removes the factory from the manager. 
+
+private:
+	FactoriesMap _factories;
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_PrivateKeyFactoryMgr_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyPassphraseHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyPassphraseHandler.h
new file mode 100644
index 0000000000..726703f78f
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/PrivateKeyPassphraseHandler.h
@@ -0,0 +1,84 @@
+//
+// PrivateKeyPassphraseHandler.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  PrivateKeyPassphraseHandler
+//
+// Definition of the PrivateKeyPassphraseHandler class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_PrivateKeyPassphraseHandler_INCLUDED
+#define NetSSL_PrivateKeyPassphraseHandler_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API PrivateKeyPassphraseHandler
+	/// A passphrase handler is needed whenever the private key of a certificate is loaded and the certificate is protected
+	/// by a passphrase. The PrivateKeyPassphraseHandler's task is to provide that passphrase.
+	/// One can install one's own PrivateKeyPassphraseHandler by implementing this interface. Note that
+	/// in the implementation file of the subclass the following code must be present (assuming you use the namespace My_API 
+	/// and the name of your handler class is MyGuiHandler):
+	///    
+	///    #include "Poco/Net/PrivateKeyFactory.h"
+	///    ...
+	///    POCO_REGISTER_KEYFACTORY(My_API, MyGuiHandler)
+	///
+	/// One can either set the handler directly in the startup code of the main method of ones application by calling
+	///
+	///    SSLManager::instance().initialize(myguiHandler, myInvalidCertificateHandler, mySSLContext)
+	///
+	/// or in case one's application extends Poco::Util::Application one can use an XML configuration and put the following entry
+	/// under the path openSSL.privateKeyPassphraseHandler:
+	///    
+	///    <privateKeyPassphraseHandler>
+	///        <name>MyGuiHandler</name>
+	///        <options>
+	///            [...] // Put optional config params for the handler here
+	///        </options>
+	///    </privateKeyPassphraseHandler>
+	///
+	/// Note that the name of the passphrase handler must be same as the one provided to the POCO_REGISTER_KEYFACTORY macro.
+{
+public:
+	PrivateKeyPassphraseHandler(bool onServerSide);
+		/// Creates the PrivateKeyPassphraseHandler. Automatically registers at the SSLManager::PrivateKeyPassword event.
+
+	virtual ~PrivateKeyPassphraseHandler();
+		/// Destroys the PrivateKeyPassphraseHandler.
+
+	virtual void onPrivateKeyRequested(const void* pSender, std::string& privateKey) = 0;
+		/// Returns the requested private key in the parameter privateKey.
+
+	bool serverSide() const;
+
+private:
+	bool _serverSide;
+};
+
+
+//
+// inlines
+//
+inline bool PrivateKeyPassphraseHandler::serverSide() const
+{
+	return _serverSide;
+}
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_PrivateKeyPassphraseHandler_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/RejectCertificateHandler.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/RejectCertificateHandler.h
new file mode 100644
index 0000000000..b170ad50b5
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/RejectCertificateHandler.h
@@ -0,0 +1,48 @@
+//
+// RejectCertificateHandler.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  RejectCertificateHandler
+//
+// Definition of the RejectCertificateHandler class.
+//
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_RejectCertificateHandler_INCLUDED
+#define NetSSL_RejectCertificateHandler_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/InvalidCertificateHandler.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API RejectCertificateHandler: public InvalidCertificateHandler
+	/// A RejectCertificateHandler is invoked whenever an error 
+	/// occurs verifying the certificate. It always rejects
+	/// the certificate.
+{
+public:
+	RejectCertificateHandler(bool handleErrorsOnServerSide);
+		/// Creates the RejectCertificateHandler
+
+	virtual ~RejectCertificateHandler();
+		/// Destroys the RejectCertificateHandler.
+
+	void onInvalidCertificate(const void* pSender, VerificationErrorArgs& errorCert);
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_RejectCertificateHandler_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLException.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLException.h
new file mode 100644
index 0000000000..7b8dfe79d3
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLException.h
@@ -0,0 +1,39 @@
+//
+// SSLException.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  SSLException
+//
+// Definition of the SSLException class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_SSLException_INCLUDED
+#define NetSSL_SSLException_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/NetException.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+POCO_DECLARE_EXCEPTION(NetSSL_API, SSLException, NetException)
+POCO_DECLARE_EXCEPTION(NetSSL_API, SSLContextException, SSLException)
+POCO_DECLARE_EXCEPTION(NetSSL_API, InvalidCertificateException, SSLException)
+POCO_DECLARE_EXCEPTION(NetSSL_API, CertificateValidationException, SSLException)
+POCO_DECLARE_EXCEPTION(NetSSL_API, SSLConnectionUnexpectedlyClosedException, SSLException)
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_SSLException_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h
new file mode 100644
index 0000000000..6d0f469295
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h
@@ -0,0 +1,390 @@
+//
+// SSLManager.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  SSLManager
+//
+// Definition of the SSLManager class.
+//
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_SSLManager_INCLUDED
+#define NetSSL_SSLManager_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/VerificationErrorArgs.h"
+#include "Poco/Net/Context.h"
+#include "Poco/Net/PrivateKeyFactoryMgr.h"
+#include "Poco/Net/CertificateHandlerFactoryMgr.h"
+#include "Poco/Net/InvalidCertificateHandler.h"
+#include "Poco/Util/AbstractConfiguration.h"
+#include "Poco/BasicEvent.h"
+#include "Poco/SharedPtr.h"
+#include "Poco/Mutex.h"
+#include <openssl/ssl.h>
+#if defined(OPENSSL_FIPS) && OPENSSL_VERSION_NUMBER < 0x010001000L
+#include <openssl/fips.h>
+#endif
+
+
+namespace Poco {
+namespace Net {
+
+
+class Context;
+
+
+class NetSSL_API SSLManager
+	/// SSLManager is a singleton for holding the default server/client
+	/// Context and handling callbacks for certificate verification errors
+	/// and private key passphrases.
+	///
+	/// Proper initialization of SSLManager is critical.
+	///
+	/// SSLManager can be initialized manually, by calling initializeServer()
+	/// and/or initializeClient(), or initialization can be automatic. In the latter
+	/// case, a Poco::Util::Application instance must be available and the required
+	/// configuration properties must be set (see below).
+	///
+	/// Note that manual initialization must happen very early in the application,
+	/// before defaultClientContext() or defaultServerContext() are called.
+	///
+	/// If defaultClientContext() and defaultServerContext() are never called
+	/// in an application, initialization of SSLManager can be omitted.
+	/// However, in this case, delegates for the ServerVerificationError,
+	/// ClientVerificationError and PrivateKeyPassphraseRequired events
+	/// must be registered.
+	///
+	/// An exemplary documentation which sets either the server or client default context and creates
+	/// a PrivateKeyPassphraseHandler that reads the password from the XML file looks like this:
+	///
+	///    <AppConfig>
+	///       <openSSL>
+	///          <server|client>
+	///            <privateKeyFile>mycert.key</privateKeyFile>
+	///            <certificateFile>mycert.crt</certificateFile>
+	///            <caConfig>rootcert.pem</caConfig>
+	///            <verificationMode>none|relaxed|strict|once</verificationMode>
+	///            <verificationDepth>1..9</verificationDepth>
+	///            <loadDefaultCAFile>true|false</loadDefaultCAFile>
+	///            <cipherList>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</cipherList>
+	///            <preferServerCiphers>true|false</preferServerCiphers>
+	///            <privateKeyPassphraseHandler>
+	///                <name>KeyFileHandler</name>
+	///                <options>
+	///                    <password>test</password>
+	///                </options>
+	///            </privateKeyPassphraseHandler>
+	///            <invalidCertificateHandler>
+	///                 <name>ConsoleCertificateHandler</name>
+	///            </invalidCertificateHandler>
+	///            <cacheSessions>true|false</cacheSessions>
+	///            <sessionIdContext>someString</sessionIdContext> <!-- server only -->
+	///            <sessionCacheSize>0..n</sessionCacheSize>       <!-- server only -->
+	///            <sessionTimeout>0..n</sessionTimeout>           <!-- server only -->
+	///            <extendedVerification>true|false</extendedVerification>
+	///            <requireTLSv1>true|false</requireTLSv1>
+	///            <requireTLSv1_1>true|false</requireTLSv1_1>
+	///            <requireTLSv1_2>true|false</requireTLSv1_2>
+	///            <disableProtocols>sslv2,sslv3,tlsv1,tlsv1_1,tlsv1_2</disableProtocols>
+	///            <dhParamsFile>dh.pem</dhParamsFile>
+	///            <ecdhCurve>prime256v1</ecdhCurve>
+	///          </server|client>
+	///          <fips>false</fips>
+	///       </openSSL>
+	///    </AppConfig>
+	///
+	/// Following is a list of supported configuration properties. Property names must always
+	/// be prefixed with openSSL.server or openSSL.client. Some properties are only supported
+	/// for servers.
+	///
+	///    - privateKeyFile (string): The path to the file containing the private key for the certificate
+	///      in PEM format (or containing both the private key and the certificate).
+	///    - certificateFile (string): The Path to the file containing the server's or client's certificate
+	///      in PEM format. Can be omitted if the the file given in privateKeyFile contains the certificate as well.
+	///    - caConfig (string): The path to the file or directory containing the trusted root certificates.
+	///    - verificationMode (string): Specifies whether and how peer certificates are validated (see
+	///      the Context class for details). Valid values are none, relaxed, strict, once.
+	///    - verificationDepth (integer, 1-9): Sets the upper limit for verification chain sizes. Verification
+	///      will fail if a certificate chain larger than this is encountered.
+	///    - loadDefaultCAFile (boolean): Specifies whether the builtin CA certificates from OpenSSL are used.
+	///    - cipherList (string): Specifies the supported ciphers in OpenSSL notation
+	///      (e.g. "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH").
+	///    - preferServerCiphers (bool): When choosing a cipher, use the server's preferences instead of the
+	///      client preferences. When not called, the SSL server will always follow the clients
+	///      preferences. When called, the SSL/TLS server will choose following its own
+	///      preferences.
+	///    - privateKeyPassphraseHandler.name (string): The name of the class (subclass of PrivateKeyPassphraseHandler)
+	///      used for obtaining the passphrase for accessing the private key.
+	///    - privateKeyPassphraseHandler.options.password (string): The password to be used by KeyFileHandler.
+	///    - invalidCertificateHandler.name: The name of the class (subclass of CertificateHandler)
+	///      used for confirming invalid certificates.
+	///    - cacheSessions (boolean): Enables or disables session caching.
+	///    - sessionIdContext (string): contains the application's unique session ID context, which becomes
+	///      part of each session identifier generated by the server. Can be an arbitrary sequence
+	///      of bytes with a maximum length of SSL_MAX_SSL_SESSION_ID_LENGTH. Should be specified
+	///      for a server to enable session caching. Should be specified even if session caching
+	///      is disabled to avoid problems with clients that request session caching (e.g. Firefox 3.6).
+	///      If not specified, defaults to ${application.name}.
+	///    - sessionCacheSize (integer): Sets the maximum size of the server session cache, in number of
+	///      sessions. The default size (according to OpenSSL documentation) is 1024*20, which may be too
+	///      large for many applications, especially on embedded platforms with limited memory.
+	///      Specifying a size of 0 will set an unlimited cache size.
+	///    - sessionTimeout (integer):  Sets the timeout (in seconds) of cached sessions on the server.
+	///    - extendedVerification (boolean): Enable or disable the automatic post-connection
+	///      extended certificate verification.
+	///    - requireTLSv1 (boolean): Require a TLSv1 connection.
+	///    - requireTLSv1_1 (boolean): Require a TLSv1.1 connection.
+	///    - requireTLSv1_2 (boolean): Require a TLSv1.2 connection.
+	///    - disableProtocols (string): A comma-separated list of protocols that should be
+	///      disabled. Valid protocol names are sslv2, sslv3, tlsv1, tlsv1_1, tlsv1_2.
+	///    - dhParamsFile (string): Specifies a file containing Diffie-Hellman parameters.
+	///      If not specified or empty, the default parameters are used.
+	///    - ecdhCurve (string): Specifies the name of the curve to use for ECDH, based
+	///      on the curve names specified in RFC 4492. Defaults to "prime256v1".
+	///    - fips: Enable or disable OpenSSL FIPS mode. Only supported if the OpenSSL version
+	///      that this library is built against supports FIPS mode.
+{
+public:
+	typedef Poco::SharedPtr<PrivateKeyPassphraseHandler> PrivateKeyPassphraseHandlerPtr;
+	typedef Poco::SharedPtr<InvalidCertificateHandler> InvalidCertificateHandlerPtr;
+
+	Poco::BasicEvent<VerificationErrorArgs> ServerVerificationError;
+		/// Fired whenever a certificate verification error is detected by the server during a handshake.
+
+	Poco::BasicEvent<VerificationErrorArgs> ClientVerificationError;
+		/// Fired whenever a certificate verification error is detected by the client during a handshake.
+
+	Poco::BasicEvent<std::string> PrivateKeyPassphraseRequired;
+		/// Fired when a encrypted certificate is loaded. Not setting the password
+		/// in the event parameter will result in a failure to load the certificate.
+
+	static SSLManager& instance();
+		/// Returns the instance of the SSLManager singleton.
+
+	void initializeServer(PrivateKeyPassphraseHandlerPtr ptrPassphraseHandler, InvalidCertificateHandlerPtr ptrCertificateHandler, Context::Ptr ptrContext);
+		/// Initializes the server side of the SSLManager with a default passphrase handler, a default invalid certificate handler and a default context. If this method
+		/// is never called the SSLmanager will try to initialize its members from an application configuration.
+		///
+		/// PtrPassphraseHandler and ptrCertificateHandler can be 0. However, in this case, event delegates
+		/// must be registered with the ServerVerificationError and PrivateKeyPassphraseRequired events.
+		///
+		/// Note: Always create the handlers (or register the corresponding event delegates) before creating
+		/// the Context, as during creation of the Context the passphrase for the private key might be needed.
+		///
+		/// Valid initialization code would be:
+		///     SharedPtr<PrivateKeyPassphraseHandler> pConsoleHandler = new KeyConsoleHandler;
+		///     SharedPtr<InvalidCertificateHandler> pInvalidCertHandler = new ConsoleCertificateHandler;
+		///     Context::Ptr pContext = new Context(Context::SERVER_USE, "any.pem", "any.pem", "rootcert.pem", Context::VERIFY_RELAXED, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
+		///     SSLManager::instance().initializeServer(pConsoleHandler, pInvalidCertHandler, pContext);
+
+	void initializeClient(PrivateKeyPassphraseHandlerPtr ptrPassphraseHandler, InvalidCertificateHandlerPtr ptrHandler, Context::Ptr ptrContext);
+		/// Initializes the client side of the SSLManager with a default passphrase handler, a default invalid certificate handler and a default context. If this method
+		/// is never called the SSLmanager will try to initialize its members from an application configuration.
+		///
+		/// PtrPassphraseHandler and ptrCertificateHandler can be 0. However, in this case, event delegates
+		/// must be registered with the ClientVerificationError and PrivateKeyPassphraseRequired events.
+		///
+		/// Note: Always create the handlers (or register the corresponding event delegates) before creating
+		/// the Context, as during creation of the Context the passphrase for the private key might be needed.
+		///
+		/// Valid initialization code would be:
+		///     SharedPtr<PrivateKeyPassphraseHandler> pConsoleHandler = new KeyConsoleHandler;
+		///     SharedPtr<InvalidCertificateHandler> pInvalidCertHandler = new ConsoleCertificateHandler;
+		///     Context::Ptr pContext = new Context(Context::CLIENT_USE, "", "", "rootcert.pem", Context::VERIFY_RELAXED, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
+		///     SSLManager::instance().initializeClient(pConsoleHandler, pInvalidCertHandler, pContext);
+
+	Context::Ptr defaultServerContext();
+		/// Returns the default Context used by the server.
+		///
+		/// Unless initializeServer() has been called, the first call to this method initializes the default Context
+		/// from the application configuration.
+
+	Context::Ptr defaultClientContext();
+		/// Returns the default Context used by the client.
+		///
+		/// Unless initializeClient() has been called, the first call to this method initializes the default Context
+		/// from the application configuration.
+
+	PrivateKeyPassphraseHandlerPtr serverPassphraseHandler();
+		/// Returns the configured passphrase handler of the server. If none is set, the method will create a default one
+		/// from an application configuration.
+
+	InvalidCertificateHandlerPtr serverCertificateHandler();
+		/// Returns an initialized certificate handler (used by the server to verify client cert) which determines how invalid certificates are treated.
+		/// If none is set, it will try to auto-initialize one from an application configuration.
+
+	PrivateKeyPassphraseHandlerPtr clientPassphraseHandler();
+		/// Returns the configured passphrase handler of the client. If none is set, the method will create a default one
+		/// from an application configuration.
+
+	InvalidCertificateHandlerPtr clientCertificateHandler();
+		/// Returns an initialized certificate handler (used by the client to verify server cert) which determines how invalid certificates are treated.
+		/// If none is set, it will try to auto-initialize one from an application configuration.
+
+	PrivateKeyFactoryMgr& privateKeyFactoryMgr();
+		/// Returns the private key factory manager which stores the
+		/// factories for the different registered passphrase handlers for private keys.
+
+	CertificateHandlerFactoryMgr& certificateHandlerFactoryMgr();
+		/// Returns the CertificateHandlerFactoryMgr which stores the
+		/// factories for the different registered certificate handlers.
+
+	static bool isFIPSEnabled();
+		// Returns true if FIPS mode is enabled, false otherwise.
+
+	void shutdown();
+		/// Shuts down the SSLManager and releases the default Context
+		/// objects. After a call to shutdown(), the SSLManager can no
+		/// longer be used.
+		///
+		/// Normally, it's not necessary to call this method directly, as this
+		/// will be called either by uninitializeSSL(), or when
+		/// the SSLManager instance is destroyed.
+
+	static const std::string CFG_SERVER_PREFIX;
+	static const std::string CFG_CLIENT_PREFIX;
+
+protected:
+	static int verifyClientCallback(int ok, X509_STORE_CTX* pStore);
+		/// The return value of this method defines how errors in
+		/// verification are handled. Return 0 to terminate the handshake,
+		/// or 1 to continue despite the error.
+
+	static int verifyServerCallback(int ok, X509_STORE_CTX* pStore);
+		/// The return value of this method defines how errors in
+		/// verification are handled. Return 0 to terminate the handshake,
+		/// or 1 to continue despite the error.
+
+	static int privateKeyPassphraseCallback(char* pBuf, int size, int flag, void* userData);
+		/// Method is invoked by OpenSSL to retrieve a passwd for an encrypted certificate.
+		/// The request is delegated to the PrivatekeyPassword event. This method returns the
+		/// length of the password.
+
+	static Poco::Util::AbstractConfiguration& appConfig();
+		/// Returns the application configuration.
+		///
+		/// Throws a InvalidStateException if not application instance
+		/// is available.
+
+private:
+	SSLManager();
+		/// Creates the SSLManager.
+
+	~SSLManager();
+		/// Destroys the SSLManager.
+
+	void initDefaultContext(bool server);
+		/// Inits the default context, the first time it is accessed.
+
+	void initEvents(bool server);
+		/// Registers delegates at the events according to the configuration.
+
+	void initPassphraseHandler(bool server);
+		/// Inits the passphrase handler.
+
+	void initCertificateHandler(bool server);
+		/// Inits the certificate handler.
+
+	static int verifyCallback(bool server, int ok, X509_STORE_CTX* pStore);
+		/// The return value of this method defines how errors in
+		/// verification are handled. Return 0 to terminate the handshake,
+		/// or 1 to continue despite the error.
+
+	PrivateKeyFactoryMgr             _factoryMgr;
+	CertificateHandlerFactoryMgr     _certHandlerFactoryMgr;
+	Context::Ptr                     _ptrDefaultServerContext;
+	PrivateKeyPassphraseHandlerPtr   _ptrServerPassphraseHandler;
+	InvalidCertificateHandlerPtr     _ptrServerCertificateHandler;
+	Context::Ptr                     _ptrDefaultClientContext;
+	PrivateKeyPassphraseHandlerPtr   _ptrClientPassphraseHandler;
+	InvalidCertificateHandlerPtr     _ptrClientCertificateHandler;
+	Poco::FastMutex                  _mutex;
+
+	static const std::string CFG_PRIV_KEY_FILE;
+	static const std::string CFG_CERTIFICATE_FILE;
+	static const std::string CFG_CA_LOCATION;
+	static const std::string CFG_VER_MODE;
+	static const Context::VerificationMode VAL_VER_MODE;
+	static const std::string CFG_VER_DEPTH;
+	static const int         VAL_VER_DEPTH;
+	static const std::string CFG_ENABLE_DEFAULT_CA;
+	static const bool        VAL_ENABLE_DEFAULT_CA;
+	static const std::string CFG_CIPHER_LIST;
+	static const std::string CFG_CYPHER_LIST; // for backwards compatibility
+	static const std::string VAL_CIPHER_LIST;
+	static const std::string CFG_PREFER_SERVER_CIPHERS;
+	static const std::string CFG_DELEGATE_HANDLER;
+	static const std::string VAL_DELEGATE_HANDLER;
+	static const std::string CFG_CERTIFICATE_HANDLER;
+	static const std::string VAL_CERTIFICATE_HANDLER;
+	static const std::string CFG_CACHE_SESSIONS;
+	static const std::string CFG_SESSION_ID_CONTEXT;
+	static const std::string CFG_SESSION_CACHE_SIZE;
+	static const std::string CFG_SESSION_TIMEOUT;
+	static const std::string CFG_EXTENDED_VERIFICATION;
+	static const std::string CFG_REQUIRE_TLSV1;
+	static const std::string CFG_REQUIRE_TLSV1_1;
+	static const std::string CFG_REQUIRE_TLSV1_2;
+	static const std::string CFG_DISABLE_PROTOCOLS;
+	static const std::string CFG_DH_PARAMS_FILE;
+	static const std::string CFG_ECDH_CURVE;
+
+#ifdef OPENSSL_FIPS
+	static const std::string CFG_FIPS_MODE;
+	static const bool        VAL_FIPS_MODE;
+#endif
+
+	friend class Poco::SingletonHolder<SSLManager>;
+	friend class Context;
+};
+
+
+//
+// inlines
+//
+inline PrivateKeyFactoryMgr& SSLManager::privateKeyFactoryMgr()
+{
+	return _factoryMgr;
+}
+
+
+inline CertificateHandlerFactoryMgr& SSLManager::certificateHandlerFactoryMgr()
+{
+	return _certHandlerFactoryMgr;
+}
+
+
+inline bool SSLManager::isFIPSEnabled()
+{
+#ifdef OPENSSL_FIPS
+	return FIPS_mode() ? true : false;
+#else
+	return false;
+#endif
+}
+
+
+inline int SSLManager::verifyServerCallback(int ok, X509_STORE_CTX* pStore)
+{
+	return SSLManager::verifyCallback(true, ok, pStore);
+}
+
+
+inline int SSLManager::verifyClientCallback(int ok, X509_STORE_CTX* pStore)
+{
+	return SSLManager::verifyCallback(false, ok, pStore);
+}
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_SSLManager_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSMTPClientSession.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSMTPClientSession.h
new file mode 100644
index 0000000000..146be2aeb5
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSMTPClientSession.h
@@ -0,0 +1,96 @@
+//
+// SecureSMTPClientSession.h
+//
+// Library: NetSSL_OpenSSL
+// Package: Mail
+// Module:  SecureSMTPClientSession
+//
+// Definition of the SecureSMTPClientSession class.
+//
+// Copyright (c) 2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef Net_SecureSMTPClientSession_INCLUDED
+#define Net_SecureSMTPClientSession_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/SMTPClientSession.h"
+#include "Poco/Net/Context.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API SecureSMTPClientSession: public SMTPClientSession
+	/// This class implements an Simple Mail
+	/// Transfer Protocol (SMTP, RFC 2821)
+	/// client for sending e-mail messages that
+	/// supports the STARTTLS command for secure
+	/// connections.
+	///
+	/// Usage is as follows:
+	///   1. Create a SecureSMTPClientSession object.
+	///   2. Call login() or login(hostname).
+	///   3. Call startTLS() to switch to a secure connection.
+	///      Check the return value to see if a secure connection
+	///      has actually been established (not all servers may
+	///      support STARTTLS).
+	///   4. Call any of the login() methods to securely authenticate
+	///      with a username and password.
+	///   5. Send the message(s).
+{
+public:
+	explicit SecureSMTPClientSession(const StreamSocket& socket);
+		/// Creates the SecureSMTPClientSession using
+		/// the given socket, which must be connected
+		/// to a SMTP server.
+
+	SecureSMTPClientSession(const std::string& host, Poco::UInt16 port = SMTP_PORT);
+		/// Creates the SecureSMTPClientSession using a socket connected
+		/// to the given host and port.
+
+	virtual ~SecureSMTPClientSession();
+		/// Destroys the SMTPClientSession.
+
+	bool startTLS();
+		/// Sends a STARTTLS command and, if successful, 
+		/// creates a secure SSL/TLS connection over the
+		/// existing socket connection.
+		///
+		/// Must be called after login() or login(hostname).
+		/// If successful, login() can be called again
+		/// to authenticate the user.
+		///
+		/// Returns true if the STARTTLS command was successful,
+		/// false otherwise.
+
+	bool startTLS(Context::Ptr pContext);
+		/// Sends a STARTTLS command and, if successful, 
+		/// creates a secure SSL/TLS connection over the
+		/// existing socket connection.
+		///
+		/// Uses the given Context object for creating
+		/// the SSL/TLS connection.
+		///
+		/// Must be called after login() or login(hostname).
+		/// If successful, login() can be called again
+		/// to authenticate the user.
+		///
+		/// Returns true if the STARTTLS command was successful,
+		/// false otherwise.
+		
+private:
+	std::string _host;
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // Net_SecureSMTPClientSession_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocket.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocket.h
new file mode 100644
index 0000000000..2b89c45cb9
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocket.h
@@ -0,0 +1,136 @@
+//
+// SecureServerSocket.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLSockets
+// Module:  SecureServerSocket
+//
+// Definition of the SecureServerSocket class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_SecureServerSocket_INCLUDED
+#define NetSSL_SecureServerSocket_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/ServerSocket.h"
+#include "Poco/Net/Context.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API SecureServerSocket: public ServerSocket
+	/// A server socket for secure SSL connections.
+{
+public:
+	SecureServerSocket();
+		/// Creates a SSL server socket using the
+		/// default SSL server context.
+		///
+		/// The server socket must be bound to
+		/// an address and put into listening state.
+
+	explicit SecureServerSocket(Context::Ptr pContext);
+		/// Creates a SSL server socket, using the
+		/// given SSL context object.
+		///
+		/// The server socket must be bound to
+		/// an address and put into listening state.
+
+	SecureServerSocket(const Socket& socket);
+		/// Creates the SecureServerSocket with the SocketImpl
+		/// from another socket. The SocketImpl must be
+		/// a SecureServerSocketImpl, otherwise an InvalidArgumentException
+		/// will be thrown.
+
+	SecureServerSocket(const SocketAddress& address, int backlog = 64);
+		/// Creates a server socket using the default server SSL context,
+		/// binds it to the given address and puts it in listening
+		/// state.
+		///
+		/// After successful construction, the server socket
+		/// is ready to accept connections.
+
+	SecureServerSocket(const SocketAddress& address, int backlog, Context::Ptr pContext);
+		/// Creates a server socket using the given SSL context, binds it
+		/// to the given address and puts it in listening
+		/// state.
+		///
+		/// After successful construction, the server socket
+		/// is ready to accept connections.
+
+	SecureServerSocket(Poco::UInt16 port, int backlog = 64);
+		/// Creates a server socket using the default server SSL context,
+		/// binds it to the given port and puts it in listening
+		/// state.
+		///
+		/// After successful construction, the server socket
+		/// is ready to accept connections.
+
+	SecureServerSocket(Poco::UInt16 port, int backlog, Context::Ptr pContext);
+		/// Creates a server socket using the given SSL context, binds it
+		/// to the given port and puts it in listening
+		/// state.
+		///
+		/// After successful construction, the server socket
+		/// is ready to accept connections.
+
+	virtual ~SecureServerSocket();
+		/// Destroys the StreamSocket.
+
+	SecureServerSocket& operator = (const Socket& socket);
+		/// Assignment operator.
+		///
+		/// Releases the socket's SocketImpl and
+		/// attaches the SocketImpl from the other socket and
+		/// increments the reference count of the SocketImpl.	
+
+	StreamSocket acceptConnection(SocketAddress& clientAddr);
+		/// Get the next completed connection from the
+		/// socket's completed connection queue.
+		///
+		/// If the queue is empty, waits until a connection
+		/// request completes.
+		///
+		/// Returns a new SSL socket for the connection
+		/// with the client.
+		///
+		/// The client socket's address is returned in clientAddr.
+		///
+		/// No SSL handshake is performed on the new connection.
+		/// The SSL handshake will be performed the first time
+		/// sendBytes(), receiveBytes() or completeHandshake()
+		/// is called on the returned SecureStreamSocket.
+
+	StreamSocket acceptConnection();
+		/// Get the next completed connection from the
+		/// socket's completed connection queue.
+		///
+		/// If the queue is empty, waits until a connection
+		/// request completes.
+		///
+		/// Returns a new SSL socket for the connection
+		/// with the client.
+		///
+		/// No SSL handshake is performed on the new connection.
+		/// The SSL handshake will be performed the first time
+		/// sendBytes(), receiveBytes() or completeHandshake()
+		/// is called on the returned SecureStreamSocket.
+
+	Context::Ptr context() const;
+		/// Returns the SSL context used by this socket.
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_SecureServerSocket_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocketImpl.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocketImpl.h
new file mode 100644
index 0000000000..2cf969d099
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureServerSocketImpl.h
@@ -0,0 +1,146 @@
+//
+// SecureServerSocketImpl.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLSockets
+// Module:  SecureServerSocketImpl
+//
+// Definition of the SecureServerSocketImpl class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_SecureServerSocketImpl_INCLUDED
+#define NetSSL_SecureServerSocketImpl_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/SecureSocketImpl.h"
+#include "Poco/Net/ServerSocketImpl.h"
+#include "Poco/Net/Context.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API SecureServerSocketImpl: public ServerSocketImpl
+	/// The SocketImpl class for SecureServerSocket.
+{
+public:
+	SecureServerSocketImpl(Context::Ptr pContext);
+		/// Creates the SecureServerSocketImpl using the
+		/// given SSL context object.
+
+	SocketImpl* acceptConnection(SocketAddress& clientAddr);
+		/// Get the next completed connection from the
+		/// socket's completed connection queue.
+		///
+		/// If the queue is empty, waits until a connection
+		/// request completes.
+		///
+		/// Returns a new TCP socket for the connection
+		/// with the client.
+		///
+		/// The client socket's address is returned in clientAddr.
+	
+	void connect(const SocketAddress& address);
+		/// Not supported by this kind of socket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+
+	void connect(const SocketAddress& address, const Poco::Timespan& timeout);
+		/// Not supported by this kind of socket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+
+	void connectNB(const SocketAddress& address);
+		/// Not supported by this kind of socket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+	
+	void bind(const SocketAddress& address, bool reuseAddress = false, bool reusePort = false);
+		/// Bind a local address to the socket.
+		///
+		/// This is usually only done when establishing a server
+		/// socket. TCP clients should not bind a socket to a
+		/// specific address.
+		///
+		/// If reuseAddress is true, sets the SO_REUSEADDR
+		/// socket option.
+		
+	void listen(int backlog = 64);
+		/// Puts the socket into listening state.
+		///
+		/// The socket becomes a passive socket that
+		/// can accept incoming connection requests.
+		///
+		/// The backlog argument specifies the maximum
+		/// number of connections that can be queued
+		/// for this socket.
+
+	void close();
+		/// Close the socket.
+	
+	int sendBytes(const void* buffer, int length, int flags = 0);
+		/// Not supported by this kind of socket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+	
+	int receiveBytes(void* buffer, int length, int flags = 0);
+		/// Not supported by this kind of socket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+	
+	int sendTo(const void* buffer, int length, const SocketAddress& address, int flags = 0);
+		/// Not supported by this kind of socket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+	
+	int receiveFrom(void* buffer, int length, SocketAddress& address, int flags = 0);
+		/// Not supported by this kind of socket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+	
+	void sendUrgent(unsigned char data);
+		/// Not supported by this kind of socket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+
+	bool secure() const;
+		/// Returns true iff the socket's connection is secure
+		/// (using SSL or TLS).
+		
+	Context::Ptr context() const;
+		/// Returns the SSL context used by this socket.
+
+protected:
+	~SecureServerSocketImpl();
+		/// Destroys the SecureServerSocketImpl.
+
+private:
+	SecureServerSocketImpl(const SecureServerSocketImpl&);
+	SecureServerSocketImpl& operator = (const SecureServerSocketImpl&);
+
+private:
+	SecureSocketImpl _impl;
+};
+
+
+//
+// inlines
+//
+inline Context::Ptr SecureServerSocketImpl::context() const
+{
+	return _impl.context();
+}
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_SecureServerSocketImpl_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h
new file mode 100644
index 0000000000..8d331a3a6d
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h
@@ -0,0 +1,265 @@
+//
+// SecureSocketImpl.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLSockets
+// Module:  SecureSocketImpl
+//
+// Definition of the SecureSocketImpl class.
+//
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_SecureSocketImpl_INCLUDED
+#define NetSSL_SecureSocketImpl_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/SocketImpl.h"
+#include "Poco/Net/Context.h"
+#include "Poco/Net/X509Certificate.h"
+#include "Poco/Net/Session.h"
+#include <openssl/bio.h>
+#include <openssl/ssl.h>
+
+
+namespace Poco {
+namespace Net {
+
+
+class HostEntry;
+
+
+class NetSSL_API SecureSocketImpl
+	/// The SocketImpl for SecureStreamSocket.
+{
+public:
+	SecureSocketImpl(Poco::AutoPtr<SocketImpl> pSocketImpl, Context::Ptr pContext);
+		/// Creates the SecureSocketImpl using an already
+		/// connected stream socket.
+
+	virtual ~SecureSocketImpl();
+		/// Destroys the SecureSocketImpl.
+
+	SocketImpl* acceptConnection(SocketAddress& clientAddr);
+		/// Get the next completed connection from the
+		/// socket's completed connection queue.
+		///
+		/// If the queue is empty, waits until a connection
+		/// request completes.
+		///
+		/// Returns a new SSL socket for the connection
+		/// with the client.
+		///
+		/// The client socket's address is returned in clientAddr.
+	
+	void connect(const SocketAddress& address, bool performHandshake);
+		/// Initializes the socket and establishes a secure connection to 
+		/// the TCP server at the given address.
+		///
+		/// If performHandshake is true, the SSL handshake is performed immediately 
+		/// after establishing the connection. Otherwise, the handshake is performed
+		/// the first time sendBytes(), receiveBytes() or completeHandshake() is called.
+
+	void connect(const SocketAddress& address, const Poco::Timespan& timeout, bool performHandshake);
+		/// Initializes the socket, sets the socket timeout and 
+		/// establishes a secure connection to the TCP server at the given address.
+		///
+		/// If performHandshake is true, the SSL handshake is performed immediately 
+		/// after establishing the connection. Otherwise, the handshake is performed
+		/// the first time sendBytes(), receiveBytes() or completeHandshake() is called.
+
+	void connectNB(const SocketAddress& address);
+		/// Initializes the socket and establishes a secure connection to 
+		/// the TCP server at the given address. Prior to opening the
+		/// connection the socket is set to nonblocking mode.
+
+	void bind(const SocketAddress& address, bool reuseAddress = false, bool reusePort = false);
+		/// Bind a local address to the socket.
+		///
+		/// This is usually only done when establishing a server
+		/// socket. SSL clients should not bind a socket to a
+		/// specific address.
+		///
+		/// If reuseAddress is true, sets the SO_REUSEADDR
+		/// socket option.
+		
+	void listen(int backlog = 64);
+		/// Puts the socket into listening state.
+		///
+		/// The socket becomes a passive socket that
+		/// can accept incoming connection requests.
+		///
+		/// The backlog argument specifies the maximum
+		/// number of connections that can be queued
+		/// for this socket.
+
+	void shutdown();
+		/// Shuts down the connection by attempting
+		/// an orderly SSL shutdown, then actually
+		/// shutting down the TCP connection.
+
+	void close();
+		/// Close the socket.
+		
+	void abort();
+		/// Aborts the connection by closing the
+		/// underlying TCP connection. No orderly SSL shutdown
+		/// is performed.
+	
+	int sendBytes(const void* buffer, int length, int flags = 0);
+		/// Sends the contents of the given buffer through
+		/// the socket. Any specified flags are ignored.
+		///
+		/// Returns the number of bytes sent, which may be
+		/// less than the number of bytes specified.
+	
+	int receiveBytes(void* buffer, int length, int flags = 0);
+		/// Receives data from the socket and stores it
+		/// in buffer. Up to length bytes are received.
+		///
+		/// Returns the number of bytes received.
+		
+	int available() const;
+		/// Returns the number of bytes available from the
+		/// SSL buffer for immediate reading.
+	
+	int completeHandshake();
+		/// Completes the SSL handshake.
+		///
+		/// If the SSL connection was the result of an accept(),
+		/// the server-side handshake is completed, otherwise
+		/// a client-side handshake is performed. 
+		
+	poco_socket_t sockfd();
+		/// Returns the underlying socket descriptor.
+
+	X509* peerCertificate() const;
+		/// Returns the peer's certificate.
+		
+	Context::Ptr context() const;
+		/// Returns the SSL context used for this socket.
+
+	void verifyPeerCertificate();
+		/// Performs post-connect (or post-accept) peer certificate validation,
+		/// using the peer host name set with setPeerHostName(), or the peer's
+		/// IP address string if no peer host name has been set.
+
+	void verifyPeerCertificate(const std::string& hostName);
+		/// Performs post-connect (or post-accept) peer certificate validation
+		/// using the given peer host name.
+
+	void setPeerHostName(const std::string& hostName);
+		/// Sets the peer host name for certificate validation purposes.
+		
+	const std::string& getPeerHostName() const;
+		/// Returns the peer host name.
+		
+	Session::Ptr currentSession();
+		/// Returns the SSL session of the current connection,
+		/// for reuse in a future connection (if session caching
+		/// is enabled).
+		///
+		/// If no connection is established, returns null.
+		
+	void useSession(Session::Ptr pSession);
+		/// Sets the SSL session to use for the next
+		/// connection. Setting a previously saved Session
+		/// object is necessary to enable session caching.
+		///
+		/// To remove the currently set session, a null pointer
+		/// can be given.
+		///
+		/// Must be called before connect() to be effective.
+		
+	bool sessionWasReused();
+		/// Returns true iff a reused session was negotiated during
+		/// the handshake.
+		
+protected:
+	void acceptSSL();
+		/// Performs a server-side SSL handshake and certificate verification.
+
+	void connectSSL(bool performHandshake);
+		/// Performs a client-side SSL handshake and establishes a secure 
+		/// connection over an already existing TCP connection.
+	
+	long verifyPeerCertificateImpl(const std::string& hostName);
+		/// Performs post-connect (or post-accept) peer certificate validation.
+		
+	static bool isLocalHost(const std::string& hostName);
+		/// Returns true iff the given host name is the local host 
+		/// (either "localhost" or "127.0.0.1").
+
+	bool mustRetry(int rc, Poco::Timespan& remaining_time);
+		/// Returns true if the last operation should be retried,
+		/// otherwise false.
+		///
+		/// In case of an SSL_ERROR_WANT_READ error, and if the socket is 
+		/// blocking, waits for the underlying socket to become readable.
+		///
+		/// In case of an SSL_ERROR_WANT_WRITE error, and if the socket is
+		/// blocking, waits for the underlying socket to become writable.
+		///
+		/// Can also throw a Poco::TimeoutException if the socket does
+		/// not become readable or writable within the sockets
+		/// receive or send timeout.
+
+	int handleError(int rc);
+		/// Handles an SSL error by throwing an appropriate exception.
+
+	void reset();
+		/// Prepares the socket for re-use. 
+		///
+		/// After closing and resetting a socket, the socket can
+		/// be used for a new connection.
+		///
+		/// Note that simply closing a socket is not sufficient
+		/// to be able to re-use it again.
+
+	Poco::Timespan getMaxTimeout();
+
+private:	
+	SecureSocketImpl(const SecureSocketImpl&);
+	SecureSocketImpl& operator = (const SecureSocketImpl&);
+
+	SSL* _pSSL;
+	Poco::AutoPtr<SocketImpl> _pSocket;
+	Context::Ptr _pContext;
+	bool _needHandshake;
+	std::string _peerHostName;
+	Session::Ptr _pSession;
+	
+	friend class SecureStreamSocketImpl;
+};
+
+
+//
+// inlines
+//
+inline poco_socket_t SecureSocketImpl::sockfd()
+{
+	return _pSocket->sockfd();
+}
+
+
+inline Context::Ptr SecureSocketImpl::context() const
+{
+	return _pContext;
+}
+
+
+inline const std::string& SecureSocketImpl::getPeerHostName() const
+{
+	return _peerHostName;
+}
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_SecureSocketImpl_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocket.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocket.h
new file mode 100644
index 0000000000..059be1bbee
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocket.h
@@ -0,0 +1,272 @@
+//
+// SecureStreamSocket.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLSockets
+// Module:  SecureStreamSocket
+//
+// Definition of the SecureStreamSocket class.
+//
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_SecureStreamSocket_INCLUDED
+#define NetSSL_SecureStreamSocket_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/StreamSocket.h"
+#include "Poco/Net/Context.h"
+#include "Poco/Net/Session.h"
+#include "Poco/Net/X509Certificate.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API SecureStreamSocket: public StreamSocket
+	/// A subclass of StreamSocket for secure SSL sockets.
+	///
+	/// A few notes about nonblocking IO:
+	/// sendBytes() and receiveBytes() can return a
+	/// negative value when using a nonblocking socket, which means 
+	/// a SSL handshake is currently in progress and more data
+	/// needs to be read or written for the handshake to continue.
+	/// If sendBytes() or receiveBytes() return ERR_SSL_WANT_WRITE,
+	/// sendBytes() must be called as soon as possible (usually, after
+	/// select() indicates that data can be written). Likewise, if
+	/// ERR_SSL_WANT_READ is returned, receiveBytes() must be called
+	/// as soon as data is available for reading (indicated by select()).
+	///
+	/// The SSL handshake is delayed until the first sendBytes() or 
+	/// receiveBytes() operation is performed on the socket. No automatic
+	/// post connection check (checking the peer certificate for a valid
+	/// hostname) is performed when using nonblocking I/O. To manually
+	/// perform peer certificate validation, call verifyPeerCertificate()
+	/// after the SSL handshake has been completed.
+{
+public:
+	enum
+	{
+		ERR_SSL_WANT_READ  = -1,
+		ERR_SSL_WANT_WRITE = -2
+	};
+	
+	SecureStreamSocket();
+		/// Creates an unconnected secure stream socket
+		/// using the default client SSL context.
+		///
+		/// Before sending or receiving data, the socket
+		/// must be connected with a call to connect().
+
+	explicit SecureStreamSocket(Context::Ptr pContext);
+		/// Creates an unconnected secure stream socket
+		/// using the given SSL context.
+		///
+		/// Before sending or receiving data, the socket
+		/// must be connected with a call to connect().
+
+	SecureStreamSocket(Context::Ptr pContext, Session::Ptr pSession);
+		/// Creates an unconnected secure stream socket
+		/// using the given SSL context.
+		///
+		/// Before sending or receiving data, the socket
+		/// must be connected with a call to connect().
+		///
+		/// The given Session is reused, if possible (client session
+		/// caching is enabled for the given Context, and the server
+		/// agrees to reuse the session).
+
+	explicit SecureStreamSocket(const SocketAddress& address);
+		/// Creates a secure stream socket using the default 
+		/// client SSL context and connects it to
+		/// the socket specified by address.
+
+	SecureStreamSocket(const SocketAddress& address, Context::Ptr pContext);
+		/// Creates a secure stream socket using the given 
+		/// client SSL context and connects it to
+		/// the socket specified by address.
+
+	SecureStreamSocket(const SocketAddress& address, Context::Ptr pContext, Session::Ptr pSession);
+		/// Creates a secure stream socket using the given 
+		/// client SSL context and connects it to
+		/// the socket specified by address.
+		///
+		/// The given Session is reused, if possible (client session
+		/// caching is enabled for the given Context, and the server
+		/// agrees to reuse the session).
+
+	SecureStreamSocket(const SocketAddress& address, const std::string& hostName);
+		/// Creates a secure stream socket using the default 
+		/// client SSL context and connects it to
+		/// the socket specified by address.
+		///
+		/// The given host name is used for certificate verification.
+
+	SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext);
+		/// Creates a secure stream socket using the given 
+		/// client SSL context and connects it to
+		/// the socket specified by address.
+		///
+		/// The given host name is used for certificate verification.
+
+	SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext, Session::Ptr pSession);
+		/// Creates a secure stream socket using the given 
+		/// client SSL context and connects it to
+		/// the socket specified by address.
+		///
+		/// The given host name is used for certificate verification.
+		///
+		/// The given Session is reused, if possible (client session
+		/// caching is enabled for the given Context, and the server
+		/// agrees to reuse the session).
+
+	SecureStreamSocket(const Socket& socket);
+		/// Creates the SecureStreamSocket with the SocketImpl
+		/// from another socket. The SocketImpl must be
+		/// a SecureStreamSocketImpl, otherwise an InvalidArgumentException
+		/// will be thrown.
+
+	virtual ~SecureStreamSocket();
+		/// Destroys the StreamSocket.
+
+	SecureStreamSocket& operator = (const Socket& socket);
+		/// Assignment operator.
+		///
+		/// Releases the socket's SocketImpl and
+		/// attaches the SocketImpl from the other socket and
+		/// increments the reference count of the SocketImpl.	
+	
+	bool havePeerCertificate() const;
+		/// Returns true iff the peer has presented a
+		/// certificate.
+
+	X509Certificate peerCertificate() const;
+		/// Returns the peer's X509 certificate.
+		///
+		/// Throws a SSLException if the peer did not
+		/// present a certificate.
+		
+	void setPeerHostName(const std::string& hostName);
+		/// Sets the peer's host name used for certificate validation.
+		
+	const std::string& getPeerHostName() const;
+		/// Returns the peer's host name used for certificate validation.
+
+	static SecureStreamSocket attach(const StreamSocket& streamSocket);
+		/// Creates a SecureStreamSocket over an existing socket
+		/// connection. The given StreamSocket must be connected.
+		/// A SSL handshake will be performed.
+
+	static SecureStreamSocket attach(const StreamSocket& streamSocket, Context::Ptr pContext);
+		/// Creates a SecureStreamSocket over an existing socket
+		/// connection. The given StreamSocket must be connected.
+		/// A SSL handshake will be performed.
+
+	static SecureStreamSocket attach(const StreamSocket& streamSocket, Context::Ptr pContext, Session::Ptr pSession);
+		/// Creates a SecureStreamSocket over an existing socket
+		/// connection. The given StreamSocket must be connected.
+		/// A SSL handshake will be performed.
+		///
+		/// The given Session is reused, if possible (client session
+		/// caching is enabled for the given Context, and the server
+		/// agrees to reuse the session).
+
+	static SecureStreamSocket attach(const StreamSocket& streamSocket, const std::string& peerHostName);
+		/// Creates a SecureStreamSocket over an existing socket
+		/// connection. The given StreamSocket must be connected.
+		/// A SSL handshake will be performed.
+
+	static SecureStreamSocket attach(const StreamSocket& streamSocket, const std::string& peerHostName, Context::Ptr pContext);
+		/// Creates a SecureStreamSocket over an existing socket
+		/// connection. The given StreamSocket must be connected.
+		/// A SSL handshake will be performed.
+
+	static SecureStreamSocket attach(const StreamSocket& streamSocket, const std::string& peerHostName, Context::Ptr pContext, Session::Ptr pSession);
+		/// Creates a SecureStreamSocket over an existing socket
+		/// connection. The given StreamSocket must be connected.
+		/// A SSL handshake will be performed.
+		///
+		/// The given Session is reused, if possible (client session
+		/// caching is enabled for the given Context, and the server
+		/// agrees to reuse the session).
+
+	Context::Ptr context() const;
+		/// Returns the SSL context used by this socket.
+		
+	void setLazyHandshake(bool flag = true);
+		/// Enable lazy SSL handshake. If enabled, the SSL handshake
+		/// will be performed the first time date is sent or
+		/// received over the connection.
+		
+	bool getLazyHandshake() const;
+		/// Returns true if setLazyHandshake(true) has been called.
+		
+	void verifyPeerCertificate();
+		/// Performs post-connect (or post-accept) peer certificate validation,
+		/// using the peer host name set with setPeerHostName(), or the peer's
+		/// IP address string if no peer host name has been set.
+		///
+		/// Should only be used for non-blocking connections, after the
+		/// initial SSL handshake has been performed (see completeHandshake()).
+
+	void verifyPeerCertificate(const std::string& hostName);
+		/// Performs post-connect (or post-accept) peer certificate validation
+		/// using the given host name.
+		///
+		/// Should only be used for non-blocking connections, after the
+		/// initial SSL handshake has been performed (see completeHandshake()).
+		
+	int completeHandshake();
+		/// Completes the SSL handshake.
+		///
+		/// If the SSL connection was the result of an accept(),
+		/// the server-side handshake is completed, otherwise
+		/// a client-side handshake is performed.
+		///
+		/// Returns 1 if the handshake was successful, ERR_SSL_WANT_READ or
+		/// ERR_SSL_WANT_WRITE if more data is required to complete the
+		/// handshake. In this case, completeHandshake() should be called
+		/// again, after the necessary condition has been met.
+
+	Session::Ptr currentSession();
+		/// Returns the SSL session of the current connection,
+		/// for reuse in a future connection (if session caching
+		/// is enabled).
+		///
+		/// If no connection is established, returns null.
+		
+	void useSession(Session::Ptr pSession);
+		/// Sets the SSL session to use for the next
+		/// connection. Setting a previously saved Session
+		/// object is necessary to enable session caching.
+		///
+		/// To remove the currently set session, a null pointer
+		/// can be given.
+		///
+		/// Must be called before connect() to be effective.
+		
+	bool sessionWasReused();
+		/// Returns true iff a reused session was negotiated during
+		/// the handshake.
+		
+	void abort();
+		/// Aborts the SSL connection by closing the underlying
+		/// TCP connection. No orderly SSL shutdown is performed.
+		
+protected:
+	SecureStreamSocket(SocketImpl* pImpl);
+
+	friend class SecureServerSocket;
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_SecureStreamSocket_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocketImpl.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocketImpl.h
new file mode 100644
index 0000000000..3b000b4758
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/SecureStreamSocketImpl.h
@@ -0,0 +1,303 @@
+//
+// SecureStreamSocketImpl.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLSockets
+// Module:  SecureStreamSocketImpl
+//
+// Definition of the SecureStreamSocketImpl class.
+//
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_SecureStreamSocketImpl_INCLUDED
+#define NetSSL_SecureStreamSocketImpl_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/SecureSocketImpl.h"
+#include "Poco/Net/StreamSocketImpl.h"
+#include "Poco/Net/Context.h"
+#include "Poco/Net/X509Certificate.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API SecureStreamSocketImpl: public StreamSocketImpl
+	/// This class implements a SSL stream socket.
+{
+public:
+	SecureStreamSocketImpl(Context::Ptr pContext);
+		/// Creates the SecureStreamSocketImpl.
+
+	SecureStreamSocketImpl(StreamSocketImpl* pStreamSocket, Context::Ptr pContext);
+		/// Creates the SecureStreamSocketImpl.
+
+    void setSendTimeout(const Poco::Timespan& timeout);
+    void setReceiveTimeout(const Poco::Timespan& timeout);
+
+	SocketImpl* acceptConnection(SocketAddress& clientAddr);
+		/// Not supported by a SecureStreamSocket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+
+	void connect(const SocketAddress& address);
+		/// Initializes the socket and establishes a connection to 
+		/// the TCP server at the given address.
+		///
+		/// Can also be used for UDP sockets. In this case, no
+		/// connection is established. Instead, incoming and outgoing
+		/// packets are restricted to the specified address.
+
+	void connect(const SocketAddress& address, const Poco::Timespan& timeout);
+		/// Initializes the socket, sets the socket timeout and 
+		/// establishes a connection to the TCP server at the given address.
+
+	void connectNB(const SocketAddress& address);
+		/// Initializes the socket and establishes a connection to 
+		/// the TCP server at the given address. Prior to opening the
+		/// connection the socket is set to nonblocking mode.
+		
+	void bind(const SocketAddress& address, bool reuseAddress = false, bool reusePort = false);
+		/// Not supported by a SecureStreamSocket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+		
+	void listen(int backlog = 64);
+		/// Not supported by a SecureStreamSocket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+
+	void close();
+		/// Close the socket.
+	
+	int sendBytes(const void* buffer, int length, int flags = 0);
+		/// Sends the contents of the given buffer through
+		/// the socket. Any specified flags are ignored.
+		///
+		/// Returns the number of bytes sent, which may be
+		/// less than the number of bytes specified.
+	
+	int receiveBytes(void* buffer, int length, int flags = 0);
+		/// Receives data from the socket and stores it
+		/// in buffer. Up to length bytes are received.
+		///
+		/// Returns the number of bytes received.
+	
+	int sendTo(const void* buffer, int length, const SocketAddress& address, int flags = 0);
+		/// Not supported by a SecureStreamSocket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+	
+	int receiveFrom(void* buffer, int length, SocketAddress& address, int flags = 0);
+		/// Not supported by a SecureStreamSocket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+	
+	void sendUrgent(unsigned char data);
+		/// Not supported by a SecureStreamSocket.
+		///
+		/// Throws a Poco::InvalidAccessException.
+
+	int available();
+		/// Returns the number of bytes available that can be read
+		/// without causing the socket to block.
+		///
+		/// For an SSL connection, returns the number of bytes that
+		/// can be read from the currently buffered SSL record,
+		/// before a new record is read from the underlying socket.
+
+	void shutdownReceive();
+		/// Shuts down the receiving part of the socket connection.
+		///
+		/// Since SSL does not support a half shutdown, this does
+		/// nothing.
+		
+	void shutdownSend();
+		/// Shuts down the receiving part of the socket connection.
+		///
+		/// Since SSL does not support a half shutdown, this does
+		/// nothing.
+		
+	void shutdown();
+		/// Shuts down the SSL connection.
+		
+	void abort();
+		/// Aborts the connection by closing the underlying
+		/// TCP connection. No orderly SSL shutdown is performed.
+		
+	bool secure() const;
+		/// Returns true iff the socket's connection is secure
+		/// (using SSL or TLS).
+
+	void setPeerHostName(const std::string& hostName);
+		/// Sets the peer host name for certificate validation purposes.
+		
+	const std::string& getPeerHostName() const;
+		/// Returns the peer host name.
+
+	bool havePeerCertificate() const;
+		/// Returns true iff the peer has presented a
+		/// certificate.
+
+	X509Certificate peerCertificate() const;
+		/// Returns the peer's X509 certificate.
+		///
+		/// Throws a SSLException if the peer did not
+		/// present a certificate.
+		
+	Context::Ptr context() const;
+		/// Returns the SSL context used by this socket.
+
+	void setLazyHandshake(bool flag = true);
+		/// Enable lazy SSL handshake. If enabled, the SSL handshake
+		/// will be performed the first time date is sent or
+		/// received over the connection.
+		
+	bool getLazyHandshake() const;
+		/// Returns true if setLazyHandshake(true) has been called.
+
+	void verifyPeerCertificate();
+		/// Performs post-connect (or post-accept) peer certificate validation,
+		/// using the peer's IP address as host name.
+
+	void verifyPeerCertificate(const std::string& hostName);
+		/// Performs post-connect (or post-accept) peer certificate validation
+		/// using the given host name.
+
+	int completeHandshake();
+		/// Completes the SSL handshake.
+		///
+		/// If the SSL connection was the result of an accept(),
+		/// the server-side handshake is completed, otherwise
+		/// a client-side handshake is performed. 
+
+	Session::Ptr currentSession();
+		/// Returns the SSL session of the current connection,
+		/// for reuse in a future connection (if session caching
+		/// is enabled).
+		///
+		/// If no connection is established, returns null.
+		
+	void useSession(Session::Ptr pSession);
+		/// Sets the SSL session to use for the next
+		/// connection. Setting a previously saved Session
+		/// object is necessary to enable session caching.
+		///
+		/// To remove the currently set session, a null pointer
+		/// can be given.
+		///
+		/// Must be called before connect() to be effective.
+		
+	bool sessionWasReused();
+		/// Returns true iff a reused session was negotiated during
+		/// the handshake.
+		
+protected:
+	void acceptSSL();
+		/// Performs a SSL server-side handshake.
+	
+	void connectSSL();
+		/// Performs a SSL client-side handshake on an already connected TCP socket.
+	
+	~SecureStreamSocketImpl();
+		/// Destroys the SecureStreamSocketImpl.
+
+	static int lastError();
+	static void error();
+	static void error(const std::string& arg);
+	static void error(int code);
+	static void error(int code, const std::string& arg);
+
+private:
+	SecureStreamSocketImpl(const SecureStreamSocketImpl&);
+	SecureStreamSocketImpl& operator = (const SecureStreamSocketImpl&);
+
+    StreamSocketImpl * underlying_socket;
+	SecureSocketImpl _impl;
+	bool             _lazyHandshake;
+
+	friend class SecureSocketImpl;
+	friend class SecureStreamSocket;
+};
+
+
+//
+// inlines
+//
+inline const std::string& SecureStreamSocketImpl::getPeerHostName() const
+{
+	return _impl.getPeerHostName();
+}
+
+
+inline void SecureStreamSocketImpl::setPeerHostName(const std::string& peerHostName)
+{
+	_impl.setPeerHostName(peerHostName);
+}
+
+
+inline Context::Ptr SecureStreamSocketImpl::context() const
+{
+	return _impl.context();
+}
+
+
+inline Session::Ptr SecureStreamSocketImpl::currentSession()
+{
+	return _impl.currentSession();
+}
+
+	
+inline void SecureStreamSocketImpl::useSession(Session::Ptr pSession)
+{
+	_impl.useSession(pSession);
+}
+
+	
+inline bool SecureStreamSocketImpl::sessionWasReused()
+{
+	return _impl.sessionWasReused();
+}
+
+
+inline int SecureStreamSocketImpl::lastError()
+{
+	return SocketImpl::lastError();
+}
+
+
+inline void SecureStreamSocketImpl::error()
+{
+	return SocketImpl::error();
+}
+
+
+inline void SecureStreamSocketImpl::error(const std::string& arg)
+{
+	return SocketImpl::error(arg);
+}
+
+
+inline void SecureStreamSocketImpl::error(int code)
+{
+	return SocketImpl::error(code);
+}
+
+
+inline void SecureStreamSocketImpl::error(int code, const std::string& arg)
+{
+	return SocketImpl::error(code, arg);
+}
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_SecureStreamSocketImpl_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Session.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Session.h
new file mode 100644
index 0000000000..cc9b2db746
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Session.h
@@ -0,0 +1,79 @@
+//
+// Session.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  Session
+//
+// Definition of the Session class.
+//
+// Copyright (c) 2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_Session_INCLUDED
+#define NetSSL_Session_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/RefCountedObject.h"
+#include "Poco/AutoPtr.h"
+#include <openssl/ssl.h>
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API Session: public Poco::RefCountedObject
+	/// This class encapsulates a SSL session object
+	/// used with session caching on the client side.
+	///
+	/// For session caching to work, a client must
+	/// save the session object from an existing connection,
+	/// if it wants to reuse it with a future connection.
+{
+public:
+	typedef Poco::AutoPtr<Session> Ptr;
+
+	SSL_SESSION* sslSession() const;
+		/// Returns the stored OpenSSL SSL_SESSION object.
+
+protected:	
+	Session(SSL_SESSION* pSession);
+		/// Creates a new Session object, using the given
+		/// SSL_SESSION object. 
+		/// 
+		/// The SSL_SESSION's reference count is not changed.
+
+	~Session();
+		/// Destroys the Session.
+		///
+		/// Calls SSL_SESSION_free() on the stored
+		/// SSL_SESSION object.
+
+private:
+	Session();
+
+	SSL_SESSION* _pSession;
+	
+	friend class SecureSocketImpl;
+};
+
+
+//
+// inlines
+//
+inline SSL_SESSION* Session::sslSession() const
+{
+	return _pSession;
+}
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_Session_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Utility.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Utility.h
new file mode 100644
index 0000000000..b1d0073cfa
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/Utility.h
@@ -0,0 +1,52 @@
+//
+// Utility.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  Utility
+//
+// Definition of the Utility class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_Utility_INCLUDED
+#define NetSSL_Utility_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/Context.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API Utility
+	/// This class provides various helper functions for working
+	/// with the OpenSSL library.
+{
+public:
+	static Context::VerificationMode convertVerificationMode(const std::string& verMode);
+		/// Non-case sensitive conversion of a string to a VerificationMode enum.
+		/// If verMode is illegal an InvalidArgumentException is thrown.
+
+	static std::string convertCertificateError(long errCode);
+		/// Converts an SSL certificate handling error code into an error message.
+
+	static std::string getLastError();
+		/// Returns the last error from the error stack
+
+	static void clearErrorStack();
+		/// Clears the error stack
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_Utility_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/VerificationErrorArgs.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/VerificationErrorArgs.h
new file mode 100644
index 0000000000..55ef897bb7
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/VerificationErrorArgs.h
@@ -0,0 +1,108 @@
+//
+// VerificationErrorArgs.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  VerificationErrorArgs
+//
+// Definition of the VerificationErrorArgs class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_VerificationErrorArgs_INCLUDED
+#define NetSSL_VerificationErrorArgs_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/X509Certificate.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+class NetSSL_API VerificationErrorArgs
+	/// A utility class for certificate error handling.
+{
+public:
+	VerificationErrorArgs(const X509Certificate& cert, int errDepth, int errNum, const std::string& errMsg);
+		/// Creates the VerificationErrorArgs. _ignoreError is per default set to false.
+
+	~VerificationErrorArgs();
+		/// Destroys the VerificationErrorArgs.
+
+	const X509Certificate& certificate() const;
+		/// Returns the certificate that caused the error.
+
+	int errorDepth() const;
+		/// Returns the position of the certificate in the certificate chain.
+
+	int errorNumber() const;
+		/// Returns the id of the error
+
+	const std::string& errorMessage() const;
+		/// Returns the textual presentation of the errorNumber.
+
+	void setIgnoreError(bool ignoreError);
+		/// setIgnoreError to true, if a verification error is judged non-fatal by the user.
+
+	bool getIgnoreError() const;
+		/// returns the value of _ignoreError
+
+private:
+	X509Certificate	_cert;
+	int             _errorDepth;
+	int             _errorNumber;
+	std::string     _errorMessage; /// Textual representation of the _errorNumber
+	bool            _ignoreError;
+};
+
+
+//
+// inlines
+//
+inline const X509Certificate& VerificationErrorArgs::certificate() const
+{
+	return _cert;
+}
+
+
+inline int VerificationErrorArgs::errorDepth() const
+{
+	return _errorDepth;
+}
+
+
+inline int VerificationErrorArgs::errorNumber() const
+{
+	return _errorNumber;
+}
+
+
+inline const std::string& VerificationErrorArgs::errorMessage() const
+{
+	return _errorMessage;
+}
+
+
+inline void VerificationErrorArgs::setIgnoreError(bool ignoreError)
+{
+	_ignoreError = ignoreError;
+}
+
+
+inline bool VerificationErrorArgs::getIgnoreError() const
+{
+	return _ignoreError;
+}
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_VerificationErrorArgs_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h
new file mode 100644
index 0000000000..a810b29457
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h
@@ -0,0 +1,102 @@
+//
+// X509Certificate.h
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  X509Certificate
+//
+// Definition of the X509Certificate class.
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#ifndef NetSSL_X509Certificate_INCLUDED
+#define NetSSL_X509Certificate_INCLUDED
+
+
+#include "Poco/Net/NetSSL.h"
+#include "Poco/Net/SocketDefs.h"
+#include "Poco/Crypto/X509Certificate.h"
+#include "Poco/DateTime.h"
+#include "Poco/SharedPtr.h"
+#include <set>
+
+
+namespace Poco {
+namespace Net {
+
+
+class HostEntry;
+
+
+class NetSSL_API X509Certificate: public Poco::Crypto::X509Certificate
+	/// This class extends Poco::Crypto::X509Certificate with the
+	/// feature to validate a certificate.
+{
+public:
+	explicit X509Certificate(std::istream& istr);
+		/// Creates the X509Certificate object by reading
+		/// a certificate in PEM format from a stream.
+
+	explicit X509Certificate(const std::string& path);
+		/// Creates the X509Certificate object by reading
+		/// a certificate in PEM format from a file.
+
+	explicit X509Certificate(X509* pCert);
+		/// Creates the X509Certificate from an existing
+		/// OpenSSL certificate. Ownership is taken of 
+		/// the certificate.
+
+	X509Certificate(X509* pCert, bool shared);
+		/// Creates the X509Certificate from an existing
+		/// OpenSSL certificate. Ownership is taken of 
+		/// the certificate. If shared is true, the 
+		/// certificate's reference count is incremented.
+
+	X509Certificate(const Poco::Crypto::X509Certificate& cert);
+		/// Creates the certificate by copying another one.
+
+	X509Certificate& operator = (const Poco::Crypto::X509Certificate& cert);
+		/// Assigns a certificate.
+
+	~X509Certificate();
+		/// Destroys the X509Certificate.
+
+	bool verify(const std::string& hostName) const;
+		/// Verifies the validity of the certificate against the host name.
+		///
+		/// For this check to be successful, the certificate must contain
+		/// a domain name that matches the domain name
+		/// of the host.
+		/// 
+		/// Returns true if verification succeeded, or false otherwise.
+		
+	static bool verify(const Poco::Crypto::X509Certificate& cert, const std::string& hostName);
+		/// Verifies the validity of the certificate against the host name.
+		///
+		/// For this check to be successful, the certificate must contain
+		/// a domain name that matches the domain name
+		/// of the host.
+		///
+		/// Returns true if verification succeeded, or false otherwise.
+		
+protected:
+	static bool containsWildcards(const std::string& commonName);
+	static bool matchWildcard(const std::string& alias, const std::string& hostName);
+	
+private:
+	enum
+	{
+		NAME_BUFFER_SIZE = 256
+	};
+};
+
+
+} } // namespace Poco::Net
+
+
+#endif // NetSSL_X509Certificate_INCLUDED
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/AcceptCertificateHandler.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/AcceptCertificateHandler.cpp
new file mode 100644
index 0000000000..84017f7c34
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/AcceptCertificateHandler.cpp
@@ -0,0 +1,38 @@
+//
+// AcceptCertificateHandler.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  AcceptCertificateHandler
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/AcceptCertificateHandler.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+AcceptCertificateHandler::AcceptCertificateHandler(bool server): InvalidCertificateHandler(server)
+{
+}
+
+
+AcceptCertificateHandler::~AcceptCertificateHandler()
+{
+}
+
+
+void AcceptCertificateHandler::onInvalidCertificate(const void*, VerificationErrorArgs& errorCert)
+{
+	errorCert.setIgnoreError(true);
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/CertificateHandlerFactory.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/CertificateHandlerFactory.cpp
new file mode 100644
index 0000000000..8c517748be
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/CertificateHandlerFactory.cpp
@@ -0,0 +1,44 @@
+//
+// CertificateHandlerFactory.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  CertificateHandlerFactory
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/CertificateHandlerFactory.h"
+#include "Poco/Net/SSLManager.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+CertificateHandlerFactory::CertificateHandlerFactory()
+{
+}
+
+
+CertificateHandlerFactory::~CertificateHandlerFactory()
+{
+}
+
+
+CertificateHandlerFactoryRegistrar::CertificateHandlerFactoryRegistrar(const std::string& name, CertificateHandlerFactory* pFactory)
+{
+	SSLManager::instance().certificateHandlerFactoryMgr().setFactory(name, pFactory);
+}
+
+
+CertificateHandlerFactoryRegistrar::~CertificateHandlerFactoryRegistrar()
+{
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/CertificateHandlerFactoryMgr.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/CertificateHandlerFactoryMgr.cpp
new file mode 100644
index 0000000000..a89bbea11f
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/CertificateHandlerFactoryMgr.cpp
@@ -0,0 +1,69 @@
+//
+// CertificateHandlerFactoryMgr.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  CertificateHandlerFactoryMgr
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/CertificateHandlerFactoryMgr.h"
+#include "Poco/Net/ConsoleCertificateHandler.h"
+#include "Poco/Net/AcceptCertificateHandler.h"
+#include "Poco/Net/RejectCertificateHandler.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+CertificateHandlerFactoryMgr::CertificateHandlerFactoryMgr()
+{
+	setFactory("ConsoleCertificateHandler", new CertificateHandlerFactoryImpl<ConsoleCertificateHandler>());
+	setFactory("AcceptCertificateHandler", new CertificateHandlerFactoryImpl<AcceptCertificateHandler>());
+	setFactory("RejectCertificateHandler", new CertificateHandlerFactoryImpl<RejectCertificateHandler>());
+}
+
+
+CertificateHandlerFactoryMgr::~CertificateHandlerFactoryMgr()
+{
+}
+
+
+void CertificateHandlerFactoryMgr::setFactory(const std::string& name, CertificateHandlerFactory* pFactory)
+{
+	bool success = _factories.insert(make_pair(name, Poco::SharedPtr<CertificateHandlerFactory>(pFactory))).second;
+	if (!success)
+		delete pFactory;
+	poco_assert(success);
+}
+		
+
+bool CertificateHandlerFactoryMgr::hasFactory(const std::string& name) const
+{
+	return _factories.find(name) != _factories.end();
+}
+		
+	
+const CertificateHandlerFactory* CertificateHandlerFactoryMgr::getFactory(const std::string& name) const
+{
+	FactoriesMap::const_iterator it = _factories.find(name);
+	if (it != _factories.end())
+		return it->second;
+	else
+		return 0;
+}
+
+
+void CertificateHandlerFactoryMgr::removeFactory(const std::string& name)
+{
+	_factories.erase(name);
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/ConsoleCertificateHandler.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/ConsoleCertificateHandler.cpp
new file mode 100644
index 0000000000..db64752e70
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/ConsoleCertificateHandler.cpp
@@ -0,0 +1,53 @@
+//
+// ConsoleCertificateHandler.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  ConsoleCertificateHandler
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/ConsoleCertificateHandler.h"
+#include <iostream>
+
+
+namespace Poco {
+namespace Net {
+
+
+ConsoleCertificateHandler::ConsoleCertificateHandler(bool server): InvalidCertificateHandler(server)
+{
+}
+
+
+ConsoleCertificateHandler::~ConsoleCertificateHandler()
+{
+}
+
+
+void ConsoleCertificateHandler::onInvalidCertificate(const void*, VerificationErrorArgs& errorCert)
+{
+	const X509Certificate& aCert = errorCert.certificate();
+	std::cout << "\n";
+	std::cout << "WARNING: Certificate verification failed\n";
+	std::cout << "----------------------------------------\n";
+	std::cout << "Issuer Name:  " << aCert.issuerName() << "\n";
+	std::cout << "Subject Name: " << aCert.subjectName() << "\n\n";
+	std::cout << "The certificate yielded the error: " << errorCert.errorMessage() << "\n\n";
+	std::cout << "The error occurred in the certificate chain at position " << errorCert.errorDepth() << "\n";
+	std::cout << "Accept the certificate (y,n)? ";
+	char c = 0;
+	std::cin >> c;
+	if (c == 'y' || c == 'Y')
+		errorCert.setIgnoreError(true);
+	else
+		errorCert.setIgnoreError(false);
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/Context.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/Context.cpp
new file mode 100644
index 0000000000..2b16790ca4
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/Context.cpp
@@ -0,0 +1,578 @@
+//
+// Context.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  Context
+//
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/Context.h"
+#include "Poco/Net/SSLManager.h"
+#include "Poco/Net/SSLException.h"
+#include "Poco/Net/Utility.h"
+#include "Poco/Crypto/OpenSSLInitializer.h"
+#include "Poco/File.h"
+#include "Poco/Path.h"
+#include "Poco/Timestamp.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <openssl/x509v3.h>
+
+
+namespace Poco {
+namespace Net {
+
+
+Context::Params::Params():
+	verificationMode(VERIFY_RELAXED),
+	verificationDepth(9),
+	loadDefaultCAs(false),
+	cipherList("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH")
+{
+}
+
+
+Context::Context(Usage usage, const Params& params):
+	_usage(usage),
+	_mode(params.verificationMode),
+	_pSSLContext(0),
+	_extendedCertificateVerification(true)
+{
+	init(params);
+}
+
+
+Context::Context(
+	Usage usage,
+	const std::string& privateKeyFile,
+	const std::string& certificateFile,
+	const std::string& caLocation,
+	VerificationMode verificationMode,
+	int verificationDepth,
+	bool loadDefaultCAs,
+	const std::string& cipherList):
+	_usage(usage),
+	_mode(verificationMode),
+	_pSSLContext(0),
+	_extendedCertificateVerification(true)
+{
+	Params params;
+	params.privateKeyFile = privateKeyFile;
+	params.certificateFile = certificateFile;
+	params.caLocation = caLocation;
+	params.verificationMode = verificationMode;
+	params.verificationDepth = verificationDepth;
+	params.loadDefaultCAs = loadDefaultCAs;
+	params.cipherList = cipherList;
+	init(params);
+}
+
+
+Context::Context(
+	Usage usage,
+	const std::string& caLocation,
+	VerificationMode verificationMode,
+	int verificationDepth,
+	bool loadDefaultCAs,
+	const std::string& cipherList):
+	_usage(usage),
+	_mode(verificationMode),
+	_pSSLContext(0),
+	_extendedCertificateVerification(true)
+{
+	Params params;
+	params.caLocation = caLocation;
+	params.verificationMode = verificationMode;
+	params.verificationDepth = verificationDepth;
+	params.loadDefaultCAs = loadDefaultCAs;
+	params.cipherList = cipherList;
+	init(params);
+}
+
+
+Context::~Context()
+{
+	try
+	{
+		SSL_CTX_free(_pSSLContext);
+		Poco::Crypto::OpenSSLInitializer::uninitialize();
+	}
+	catch (...)
+	{
+		poco_unexpected();
+	}
+}
+
+
+void Context::init(const Params& params)
+{
+	Poco::Crypto::OpenSSLInitializer::initialize();
+
+	createSSLContext();
+
+	try
+	{
+		int errCode = 0;
+		if (!params.caLocation.empty())
+		{
+			Poco::File aFile(params.caLocation);
+			if (aFile.isDirectory())
+				errCode = SSL_CTX_load_verify_locations(_pSSLContext, 0, Poco::Path::transcode(params.caLocation).c_str());
+			else
+				errCode = SSL_CTX_load_verify_locations(_pSSLContext, Poco::Path::transcode(params.caLocation).c_str(), 0);
+			if (errCode != 1)
+			{
+				std::string msg = Utility::getLastError();
+				throw SSLContextException(std::string("Cannot load CA file/directory at ") + params.caLocation, msg);
+			}
+		}
+
+		if (params.loadDefaultCAs)
+		{
+			errCode = SSL_CTX_set_default_verify_paths(_pSSLContext);
+			if (errCode != 1)
+			{
+				std::string msg = Utility::getLastError();
+				throw SSLContextException("Cannot load default CA certificates", msg);
+			}
+		}
+
+		if (!params.privateKeyFile.empty())
+		{
+			errCode = SSL_CTX_use_PrivateKey_file(_pSSLContext, Poco::Path::transcode(params.privateKeyFile).c_str(), SSL_FILETYPE_PEM);
+			if (errCode != 1)
+			{
+				std::string msg = Utility::getLastError();
+				throw SSLContextException(std::string("Error loading private key from file ") + params.privateKeyFile, msg);
+			}
+		}
+
+		if (!params.certificateFile.empty())
+		{
+			errCode = SSL_CTX_use_certificate_chain_file(_pSSLContext, Poco::Path::transcode(params.certificateFile).c_str());
+			if (errCode != 1)
+			{
+				std::string errMsg = Utility::getLastError();
+				throw SSLContextException(std::string("Error loading certificate from file ") + params.certificateFile, errMsg);
+			}
+		}
+
+		if (isForServerUse())
+			SSL_CTX_set_verify(_pSSLContext, params.verificationMode, &SSLManager::verifyServerCallback);
+		else
+			SSL_CTX_set_verify(_pSSLContext, params.verificationMode, &SSLManager::verifyClientCallback);
+
+		SSL_CTX_set_cipher_list(_pSSLContext, params.cipherList.c_str());
+		SSL_CTX_set_verify_depth(_pSSLContext, params.verificationDepth);
+		SSL_CTX_set_mode(_pSSLContext, SSL_MODE_AUTO_RETRY);
+		SSL_CTX_set_session_cache_mode(_pSSLContext, SSL_SESS_CACHE_OFF);
+
+		initDH(params.dhParamsFile);
+		initECDH(params.ecdhCurve);
+	}
+	catch (...)
+	{
+		SSL_CTX_free(_pSSLContext);
+		throw;
+	}
+}
+
+
+void Context::useCertificate(const Poco::Crypto::X509Certificate& certificate)
+{
+	int errCode = SSL_CTX_use_certificate(_pSSLContext, const_cast<X509*>(certificate.certificate()));
+	if (errCode != 1)
+	{
+		std::string msg = Utility::getLastError();
+		throw SSLContextException("Cannot set certificate for Context", msg);
+	}
+}
+
+
+void Context::addChainCertificate(const Poco::Crypto::X509Certificate& certificate)
+{
+	X509* pCert = certificate.dup();
+	int errCode = SSL_CTX_add_extra_chain_cert(_pSSLContext, pCert);
+	if (errCode != 1)
+	{
+		X509_free(pCert);
+		std::string msg = Utility::getLastError();
+		throw SSLContextException("Cannot add chain certificate to Context", msg);
+	}
+}
+
+
+void Context::addCertificateAuthority(const Crypto::X509Certificate &certificate)
+{
+	if (X509_STORE* store = SSL_CTX_get_cert_store(_pSSLContext))
+	{
+		int errCode = X509_STORE_add_cert(store, const_cast<X509*>(certificate.certificate()));
+		if (errCode != 1)
+		{
+			std::string msg = Utility::getLastError();
+			throw SSLContextException("Cannot add certificate authority to Context", msg);
+		}
+	}
+	else
+	{
+		std::string msg = Utility::getLastError();
+		throw SSLContextException("Cannot add certificate authority to Context", msg);
+	}
+}
+
+
+void Context::usePrivateKey(const Poco::Crypto::RSAKey& key)
+{
+	int errCode = SSL_CTX_use_RSAPrivateKey(_pSSLContext, key.impl()->getRSA());
+	if (errCode != 1)
+	{
+		std::string msg = Utility::getLastError();
+		throw SSLContextException("Cannot set private key for Context", msg);
+	}
+}
+
+
+void Context::enableSessionCache(bool flag)
+{
+	if (flag)
+	{
+		SSL_CTX_set_session_cache_mode(_pSSLContext, isForServerUse() ? SSL_SESS_CACHE_SERVER : SSL_SESS_CACHE_CLIENT);
+	}
+	else
+	{
+		SSL_CTX_set_session_cache_mode(_pSSLContext, SSL_SESS_CACHE_OFF);
+	}
+}
+
+
+void Context::enableSessionCache(bool flag, const std::string& sessionIdContext)
+{
+	poco_assert (isForServerUse());
+
+	if (flag)
+	{
+		SSL_CTX_set_session_cache_mode(_pSSLContext, SSL_SESS_CACHE_SERVER);
+	}
+	else
+	{
+		SSL_CTX_set_session_cache_mode(_pSSLContext, SSL_SESS_CACHE_OFF);
+	}
+
+	unsigned length = static_cast<unsigned>(sessionIdContext.length());
+	if (length > SSL_MAX_SSL_SESSION_ID_LENGTH) length = SSL_MAX_SSL_SESSION_ID_LENGTH;
+	int rc = SSL_CTX_set_session_id_context(_pSSLContext, reinterpret_cast<const unsigned char*>(sessionIdContext.data()), length);
+	if (rc != 1) throw SSLContextException("cannot set session ID context");
+}
+
+
+bool Context::sessionCacheEnabled() const
+{
+	return SSL_CTX_get_session_cache_mode(_pSSLContext) != SSL_SESS_CACHE_OFF;
+}
+
+
+void Context::setSessionCacheSize(std::size_t size)
+{
+	poco_assert (isForServerUse());
+
+	SSL_CTX_sess_set_cache_size(_pSSLContext, static_cast<long>(size));
+}
+
+
+std::size_t Context::getSessionCacheSize() const
+{
+	poco_assert (isForServerUse());
+
+	return static_cast<std::size_t>(SSL_CTX_sess_get_cache_size(_pSSLContext));
+}
+
+
+void Context::setSessionTimeout(long seconds)
+{
+	poco_assert (isForServerUse());
+
+	SSL_CTX_set_timeout(_pSSLContext, seconds);
+}
+
+
+long Context::getSessionTimeout() const
+{
+	poco_assert (isForServerUse());
+
+	return SSL_CTX_get_timeout(_pSSLContext);
+}
+
+
+void Context::flushSessionCache()
+{
+	poco_assert (isForServerUse());
+
+	Poco::Timestamp now;
+	SSL_CTX_flush_sessions(_pSSLContext, static_cast<long>(now.epochTime()));
+}
+
+
+void Context::enableExtendedCertificateVerification(bool flag)
+{
+	_extendedCertificateVerification = flag;
+}
+
+
+void Context::disableStatelessSessionResumption()
+{
+#if defined(SSL_OP_NO_TICKET)
+	SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_TICKET);
+#endif
+}
+
+
+void Context::disableProtocols(int protocols)
+{
+	if (protocols & PROTO_SSLV2)
+	{
+#if defined(SSL_OP_NO_SSLv2)
+		SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_SSLv2);
+#endif
+	}
+	if (protocols & PROTO_SSLV3)
+	{
+#if defined(SSL_OP_NO_SSLv3)
+		SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_SSLv3);
+#endif
+	}
+	if (protocols & PROTO_TLSV1)
+	{
+#if defined(SSL_OP_NO_TLSv1)
+		SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_TLSv1);
+#endif
+	}
+	if (protocols & PROTO_TLSV1_1)
+	{
+#if defined(SSL_OP_NO_TLSv1_1)
+		SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_TLSv1_1);
+#endif
+	}
+	if (protocols & PROTO_TLSV1_2)
+	{
+#if defined(SSL_OP_NO_TLSv1_2)
+		SSL_CTX_set_options(_pSSLContext, SSL_OP_NO_TLSv1_2);
+#endif
+	}
+}
+
+
+void Context::preferServerCiphers()
+{
+#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
+	SSL_CTX_set_options(_pSSLContext, SSL_OP_CIPHER_SERVER_PREFERENCE);
+#endif
+}
+
+
+void Context::createSSLContext()
+{
+	if (SSLManager::isFIPSEnabled())
+	{
+		_pSSLContext = SSL_CTX_new(TLSv1_method());
+	}
+	else
+	{
+		switch (_usage)
+		{
+		case CLIENT_USE:
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+			_pSSLContext = SSL_CTX_new(TLS_client_method());
+#else
+			_pSSLContext = SSL_CTX_new(SSLv23_client_method());
+#endif
+			break;
+		case SERVER_USE:
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+			_pSSLContext = SSL_CTX_new(TLS_server_method());
+#else
+			_pSSLContext = SSL_CTX_new(SSLv23_server_method());
+#endif
+			break;
+#if defined(SSL_OP_NO_TLSv1) && !defined(OPENSSL_NO_TLS1)
+		case TLSV1_CLIENT_USE:
+			_pSSLContext = SSL_CTX_new(TLSv1_client_method());
+			break;
+		case TLSV1_SERVER_USE:
+			_pSSLContext = SSL_CTX_new(TLSv1_server_method());
+			break;
+#endif
+#if defined(SSL_OP_NO_TLSv1_1) && !defined(OPENSSL_NO_TLS1)
+/* SSL_OP_NO_TLSv1_1 is defined in ssl.h if the library version supports TLSv1.1.
+ * OPENSSL_NO_TLS1 is defined in opensslconf.h or on the compiler command line
+ * if TLS1.x was removed at OpenSSL library build time via Configure options.
+ */
+        case TLSV1_1_CLIENT_USE:
+            _pSSLContext = SSL_CTX_new(TLSv1_1_client_method());
+            break;
+        case TLSV1_1_SERVER_USE:
+            _pSSLContext = SSL_CTX_new(TLSv1_1_server_method());
+            break;
+#endif
+#if defined(SSL_OP_NO_TLSv1_2) && !defined(OPENSSL_NO_TLS1)
+        case TLSV1_2_CLIENT_USE:
+            _pSSLContext = SSL_CTX_new(TLSv1_2_client_method());
+            break;
+        case TLSV1_2_SERVER_USE:
+            _pSSLContext = SSL_CTX_new(TLSv1_2_server_method());
+            break;
+#endif
+		default:
+			throw Poco::InvalidArgumentException("Invalid or unsupported usage");
+		}
+	}
+	if (!_pSSLContext)
+	{
+		unsigned long err = ERR_get_error();
+		throw SSLException("Cannot create SSL_CTX object", ERR_error_string(err, 0));
+	}
+
+	SSL_CTX_set_default_passwd_cb(_pSSLContext, &SSLManager::privateKeyPassphraseCallback);
+	Utility::clearErrorStack();
+	SSL_CTX_set_options(_pSSLContext, SSL_OP_ALL);
+}
+
+
+void Context::initDH(const std::string& dhParamsFile)
+{
+#ifndef OPENSSL_NO_DH
+    // 1024-bit MODP Group with 160-bit prime order subgroup (RFC5114)
+	// -----BEGIN DH PARAMETERS-----
+	// MIIBDAKBgQCxC4+WoIDgHd6S3l6uXVTsUsmfvPsGo8aaap3KUtI7YWBz4oZ1oj0Y
+	// mDjvHi7mUsAT7LSuqQYRIySXXDzUm4O/rMvdfZDEvXCYSI6cIZpzck7/1vrlZEc4
+	// +qMaT/VbzMChUa9fDci0vUW/N982XBpl5oz9p21NpwjfH7K8LkpDcQKBgQCk0cvV
+	// w/00EmdlpELvuZkF+BBN0lisUH/WQGz/FCZtMSZv6h5cQVZLd35pD1UE8hMWAhe0
+	// sBuIal6RVH+eJ0n01/vX07mpLuGQnQ0iY/gKdqaiTAh6CR9THb8KAWm2oorWYqTR
+	// jnOvoy13nVkY0IvIhY9Nzvl8KiSFXm7rIrOy5QICAKA=
+	// -----END DH PARAMETERS-----
+	//
+
+	static const unsigned char dh1024_p[] =
+	{
+		0xB1,0x0B,0x8F,0x96,0xA0,0x80,0xE0,0x1D,0xDE,0x92,0xDE,0x5E,
+		0xAE,0x5D,0x54,0xEC,0x52,0xC9,0x9F,0xBC,0xFB,0x06,0xA3,0xC6,
+		0x9A,0x6A,0x9D,0xCA,0x52,0xD2,0x3B,0x61,0x60,0x73,0xE2,0x86,
+		0x75,0xA2,0x3D,0x18,0x98,0x38,0xEF,0x1E,0x2E,0xE6,0x52,0xC0,
+		0x13,0xEC,0xB4,0xAE,0xA9,0x06,0x11,0x23,0x24,0x97,0x5C,0x3C,
+		0xD4,0x9B,0x83,0xBF,0xAC,0xCB,0xDD,0x7D,0x90,0xC4,0xBD,0x70,
+		0x98,0x48,0x8E,0x9C,0x21,0x9A,0x73,0x72,0x4E,0xFF,0xD6,0xFA,
+		0xE5,0x64,0x47,0x38,0xFA,0xA3,0x1A,0x4F,0xF5,0x5B,0xCC,0xC0,
+		0xA1,0x51,0xAF,0x5F,0x0D,0xC8,0xB4,0xBD,0x45,0xBF,0x37,0xDF,
+		0x36,0x5C,0x1A,0x65,0xE6,0x8C,0xFD,0xA7,0x6D,0x4D,0xA7,0x08,
+		0xDF,0x1F,0xB2,0xBC,0x2E,0x4A,0x43,0x71,
+	};
+
+	static const unsigned char dh1024_g[] =
+	{
+		0xA4,0xD1,0xCB,0xD5,0xC3,0xFD,0x34,0x12,0x67,0x65,0xA4,0x42,
+		0xEF,0xB9,0x99,0x05,0xF8,0x10,0x4D,0xD2,0x58,0xAC,0x50,0x7F,
+		0xD6,0x40,0x6C,0xFF,0x14,0x26,0x6D,0x31,0x26,0x6F,0xEA,0x1E,
+		0x5C,0x41,0x56,0x4B,0x77,0x7E,0x69,0x0F,0x55,0x04,0xF2,0x13,
+		0x16,0x02,0x17,0xB4,0xB0,0x1B,0x88,0x6A,0x5E,0x91,0x54,0x7F,
+		0x9E,0x27,0x49,0xF4,0xD7,0xFB,0xD7,0xD3,0xB9,0xA9,0x2E,0xE1,
+		0x90,0x9D,0x0D,0x22,0x63,0xF8,0x0A,0x76,0xA6,0xA2,0x4C,0x08,
+		0x7A,0x09,0x1F,0x53,0x1D,0xBF,0x0A,0x01,0x69,0xB6,0xA2,0x8A,
+		0xD6,0x62,0xA4,0xD1,0x8E,0x73,0xAF,0xA3,0x2D,0x77,0x9D,0x59,
+		0x18,0xD0,0x8B,0xC8,0x85,0x8F,0x4D,0xCE,0xF9,0x7C,0x2A,0x24,
+		0x85,0x5E,0x6E,0xEB,0x22,0xB3,0xB2,0xE5,
+	};
+
+	DH* dh = 0;
+	if (!dhParamsFile.empty())
+	{
+		BIO* bio = BIO_new_file(dhParamsFile.c_str(), "r");
+		if (!bio)
+		{
+			std::string msg = Utility::getLastError();
+			throw SSLContextException(std::string("Error opening Diffie-Hellman parameters file ") + dhParamsFile, msg);
+		}
+		dh = PEM_read_bio_DHparams(bio, 0, 0, 0);
+		BIO_free(bio);
+		if (!dh)
+		{
+			std::string msg = Utility::getLastError();
+			throw SSLContextException(std::string("Error reading Diffie-Hellman parameters from file ") + dhParamsFile, msg);
+		}
+	}
+	else
+	{
+		dh = DH_new();
+		if (!dh)
+		{
+			std::string msg = Utility::getLastError();
+			throw SSLContextException("Error creating Diffie-Hellman parameters", msg);
+		}
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+		BIGNUM* p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0);
+		BIGNUM* g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0);
+		DH_set0_pqg(dh, p, 0, g);
+		DH_set_length(dh, 160);
+		if (!p || !g)
+		{
+			DH_free(dh);
+			throw SSLContextException("Error creating Diffie-Hellman parameters");
+		}
+#else
+		dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0);
+		dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0);
+		dh->length = 160;
+		if ((!dh->p) || (!dh->g))
+		{
+			DH_free(dh);
+			throw SSLContextException("Error creating Diffie-Hellman parameters");
+		}
+#endif
+	}
+	SSL_CTX_set_tmp_dh(_pSSLContext, dh);
+	SSL_CTX_set_options(_pSSLContext, SSL_OP_SINGLE_DH_USE);
+	DH_free(dh);
+#else
+	if (!dhParamsFile.empty())
+		throw SSLContextException("OpenSSL does not support DH");
+#endif
+}
+
+
+void Context::initECDH(const std::string& curve)
+{
+#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+#ifndef OPENSSL_NO_ECDH
+	int nid = 0;
+	if (!curve.empty())
+	{
+		nid = OBJ_sn2nid(curve.c_str());
+	}
+	else
+	{
+		nid = OBJ_sn2nid("prime256v1");
+	}
+	if (nid == 0)
+	{
+		throw SSLContextException("Unknown ECDH curve name", curve);
+	}
+
+	EC_KEY* ecdh = EC_KEY_new_by_curve_name(nid);
+	if (!ecdh)
+	{
+		throw SSLContextException("Cannot create ECDH curve");
+	}
+	SSL_CTX_set_tmp_ecdh(_pSSLContext, ecdh);
+	SSL_CTX_set_options(_pSSLContext, SSL_OP_SINGLE_ECDH_USE);
+	EC_KEY_free(ecdh);
+#endif
+#endif
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSClientSession.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSClientSession.cpp
new file mode 100644
index 0000000000..325f36a60a
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSClientSession.cpp
@@ -0,0 +1,189 @@
+//
+// HTTPSClientSession.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: HTTPSClient
+// Module:  HTTPSClientSession
+//
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/HTTPSClientSession.h"
+#include "Poco/Net/SecureStreamSocket.h"
+#include "Poco/Net/SecureStreamSocketImpl.h"
+#include "Poco/Net/SSLManager.h"
+#include "Poco/Net/SSLException.h"
+#include "Poco/Net/HTTPRequest.h"
+#include "Poco/Net/HTTPResponse.h"
+#include "Poco/Net/NetException.h"
+#include "Poco/NumberFormatter.h"
+
+
+using Poco::NumberFormatter;
+using Poco::IllegalStateException;
+
+
+namespace Poco {
+namespace Net {
+
+
+HTTPSClientSession::HTTPSClientSession():
+	HTTPClientSession(SecureStreamSocket()),
+	_pContext(SSLManager::instance().defaultClientContext())
+{
+	setPort(HTTPS_PORT);
+}
+
+
+HTTPSClientSession::HTTPSClientSession(const SecureStreamSocket& socket):
+	HTTPClientSession(socket),
+	_pContext(socket.context())
+{
+	setPort(HTTPS_PORT);
+}
+
+
+HTTPSClientSession::HTTPSClientSession(const SecureStreamSocket& socket, Session::Ptr pSession):
+	HTTPClientSession(socket),
+	_pContext(socket.context()),
+	_pSession(pSession)
+{
+	setPort(HTTPS_PORT);
+}
+
+
+HTTPSClientSession::HTTPSClientSession(const std::string& host, Poco::UInt16 port):
+	HTTPClientSession(SecureStreamSocket()),
+	_pContext(SSLManager::instance().defaultClientContext())
+{
+	setHost(host);
+	setPort(port);
+}
+
+
+HTTPSClientSession::HTTPSClientSession(Context::Ptr pContext):
+	HTTPClientSession(SecureStreamSocket(pContext)),
+	_pContext(pContext)
+{
+}
+
+
+HTTPSClientSession::HTTPSClientSession(Context::Ptr pContext, Session::Ptr pSession):
+	HTTPClientSession(SecureStreamSocket(pContext, pSession)),
+	_pContext(pContext),
+	_pSession(pSession)
+{
+}
+
+
+HTTPSClientSession::HTTPSClientSession(const std::string& host, Poco::UInt16 port, Context::Ptr pContext):
+	HTTPClientSession(SecureStreamSocket(pContext)),
+	_pContext(pContext)
+{
+	setHost(host);
+	setPort(port);
+}
+
+
+HTTPSClientSession::HTTPSClientSession(const std::string& host, Poco::UInt16 port, Context::Ptr pContext, Session::Ptr pSession):
+	HTTPClientSession(SecureStreamSocket(pContext, pSession)),
+	_pContext(pContext),
+	_pSession(pSession)
+{
+	setHost(host);
+	setPort(port);
+}
+
+
+HTTPSClientSession::~HTTPSClientSession()
+{
+}
+
+
+bool HTTPSClientSession::secure() const
+{
+	return true;
+}
+
+
+void HTTPSClientSession::abort()
+{
+	SecureStreamSocket sss(socket());
+	sss.abort();
+}
+
+
+X509Certificate HTTPSClientSession::serverCertificate()
+{
+	SecureStreamSocket sss(socket());
+	return sss.peerCertificate();
+}
+
+
+std::string HTTPSClientSession::proxyRequestPrefix() const
+{
+	return std::string();
+}
+
+
+void HTTPSClientSession::proxyAuthenticate(HTTPRequest& request)
+{
+}
+
+
+void HTTPSClientSession::connect(const SocketAddress& address)
+{
+	if (getProxyHost().empty() || bypassProxy())
+	{
+		SecureStreamSocket sss(socket());
+		if (sss.getPeerHostName().empty()) 
+		{
+			sss.setPeerHostName(getHost());
+		}
+		if (_pContext->sessionCacheEnabled())
+		{
+			sss.useSession(_pSession);
+		}
+		HTTPSession::connect(address);
+		if (_pContext->sessionCacheEnabled())
+		{
+			_pSession = sss.currentSession();
+		}
+	}
+	else
+	{
+		StreamSocket proxySocket(proxyConnect());
+		SecureStreamSocket secureSocket = SecureStreamSocket::attach(proxySocket, getHost(), _pContext, _pSession);
+		attachSocket(secureSocket);
+		if (_pContext->sessionCacheEnabled())
+		{
+			_pSession = secureSocket.currentSession();
+		}
+	}
+}
+
+
+int HTTPSClientSession::read(char* buffer, std::streamsize length)
+{
+	try
+	{
+		return HTTPSession::read(buffer, length);
+	} 
+	catch(SSLConnectionUnexpectedlyClosedException&)
+	{
+		return 0;
+	}
+}
+
+
+Session::Ptr HTTPSClientSession::sslSession()
+{
+	return _pSession;
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSSessionInstantiator.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSSessionInstantiator.cpp
new file mode 100644
index 0000000000..fb8774d654
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSSessionInstantiator.cpp
@@ -0,0 +1,71 @@
+//
+// HTTPSSessionInstantiator.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: HTTPSClient
+// Module:  HTTPSSessionInstantiator
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/HTTPSSessionInstantiator.h"
+#include "Poco/Net/HTTPSessionFactory.h"
+#include "Poco/Net/HTTPSClientSession.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+HTTPSSessionInstantiator::HTTPSSessionInstantiator()
+{
+}
+
+
+HTTPSSessionInstantiator::HTTPSSessionInstantiator(Context::Ptr pContext) :
+	_pContext(pContext)
+{
+}
+
+
+HTTPSSessionInstantiator::~HTTPSSessionInstantiator()
+{
+}
+
+
+HTTPClientSession* HTTPSSessionInstantiator::createClientSession(const Poco::URI& uri)
+{
+	poco_assert (uri.getScheme() == "https");
+	HTTPSClientSession* pSession = _pContext.isNull() ? new HTTPSClientSession(uri.getHost(), uri.getPort()) : new HTTPSClientSession(uri.getHost(), uri.getPort(), _pContext);
+	if (!proxyHost().empty())
+	{
+		pSession->setProxy(proxyHost(), proxyPort());
+		pSession->setProxyCredentials(proxyUsername(), proxyPassword());
+	}
+	return pSession;
+}
+
+
+void HTTPSSessionInstantiator::registerInstantiator()
+{
+	HTTPSessionFactory::defaultFactory().registerProtocol("https", new HTTPSSessionInstantiator);
+}
+
+
+void HTTPSSessionInstantiator::registerInstantiator(Context::Ptr context)
+{
+	HTTPSessionFactory::defaultFactory().registerProtocol("https", new HTTPSSessionInstantiator(context));
+}
+
+
+void HTTPSSessionInstantiator::unregisterInstantiator()
+{
+	HTTPSessionFactory::defaultFactory().unregisterProtocol("https");
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSStreamFactory.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSStreamFactory.cpp
new file mode 100644
index 0000000000..6ef20e63ff
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/HTTPSStreamFactory.cpp
@@ -0,0 +1,194 @@
+//
+// HTTPSStreamFactory.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: HTTPSClient
+// Module:  HTTPSStreamFactory
+//
+// Copyright (c) 2006-2012, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/HTTPSStreamFactory.h"
+#include "Poco/Net/HTTPSClientSession.h"
+#include "Poco/Net/HTTPIOStream.h"
+#include "Poco/Net/HTTPRequest.h"
+#include "Poco/Net/HTTPResponse.h"
+#include "Poco/Net/HTTPCredentials.h"
+#include "Poco/Net/NetException.h"
+#include "Poco/URI.h"
+#include "Poco/URIStreamOpener.h"
+#include "Poco/UnbufferedStreamBuf.h"
+#include "Poco/NullStream.h"
+#include "Poco/StreamCopier.h"
+#include "Poco/Format.h"
+#include "Poco/Version.h"
+
+
+using Poco::URIStreamFactory;
+using Poco::URI;
+using Poco::URIStreamOpener;
+using Poco::UnbufferedStreamBuf;
+
+
+namespace Poco {
+namespace Net {
+
+
+HTTPSStreamFactory::HTTPSStreamFactory():
+	_proxyPort(HTTPSession::HTTP_PORT)
+{
+}
+
+
+HTTPSStreamFactory::HTTPSStreamFactory(const std::string& proxyHost, Poco::UInt16 proxyPort):
+	_proxyHost(proxyHost),
+	_proxyPort(proxyPort)
+{
+}
+
+
+HTTPSStreamFactory::HTTPSStreamFactory(const std::string& proxyHost, Poco::UInt16 proxyPort, const std::string& proxyUsername, const std::string& proxyPassword):
+	_proxyHost(proxyHost),
+	_proxyPort(proxyPort),
+	_proxyUsername(proxyUsername),
+	_proxyPassword(proxyPassword)
+{
+}
+
+
+HTTPSStreamFactory::~HTTPSStreamFactory()
+{
+}
+
+
+std::istream* HTTPSStreamFactory::open(const URI& uri)
+{
+	poco_assert (uri.getScheme() == "https" || uri.getScheme() == "http");
+
+	URI resolvedURI(uri);
+	URI proxyUri;
+	HTTPClientSession* pSession = 0;
+	HTTPResponse res;
+	try
+	{
+		bool retry = false;
+		bool authorize = false;
+		int redirects = 0;
+		std::string username;
+		std::string password;
+		
+		do
+		{
+			if (!pSession)
+			{
+				if (resolvedURI.getScheme() != "http")
+					pSession = new HTTPSClientSession(resolvedURI.getHost(), resolvedURI.getPort());
+				else
+					pSession = new HTTPClientSession(resolvedURI.getHost(), resolvedURI.getPort());
+
+				if (proxyUri.empty())
+				{
+					if (!_proxyHost.empty())
+					{
+						pSession->setProxy(_proxyHost, _proxyPort);
+						pSession->setProxyCredentials(_proxyUsername, _proxyPassword);
+					}
+				}
+				else
+				{
+					pSession->setProxy(proxyUri.getHost(), proxyUri.getPort());
+					if (!_proxyUsername.empty())
+					{
+						pSession->setProxyCredentials(_proxyUsername, _proxyPassword);
+					}
+				}
+			}
+			std::string path = resolvedURI.getPathAndQuery();
+			if (path.empty()) path = "/";
+			HTTPRequest req(HTTPRequest::HTTP_GET, path, HTTPMessage::HTTP_1_1);
+			
+			if (authorize)
+			{
+				HTTPCredentials::extractCredentials(uri, username, password);
+				HTTPCredentials cred(username, password);
+				cred.authenticate(req, res);
+			}
+
+			req.set("User-Agent", Poco::format("poco/%d.%d.%d", 
+				(POCO_VERSION >> 24) & 0xFF,
+				(POCO_VERSION >> 16) & 0xFF,
+				(POCO_VERSION >> 8) & 0xFF));
+			req.set("Accept", "*/*");
+
+			pSession->sendRequest(req);
+			std::istream& rs = pSession->receiveResponse(res);
+			bool moved = (res.getStatus() == HTTPResponse::HTTP_MOVED_PERMANENTLY || 
+			              res.getStatus() == HTTPResponse::HTTP_FOUND || 
+			              res.getStatus() == HTTPResponse::HTTP_SEE_OTHER ||
+						  res.getStatus() == HTTPResponse::HTTP_TEMPORARY_REDIRECT);
+			if (moved)
+			{
+				resolvedURI.resolve(res.get("Location"));
+				if (!username.empty())
+				{
+					resolvedURI.setUserInfo(username + ":" + password);
+					authorize = false;
+				}
+				delete pSession; 
+				pSession = 0;
+				++redirects;
+				retry = true;
+			}
+			else if (res.getStatus() == HTTPResponse::HTTP_OK)
+			{
+				return new HTTPResponseStream(rs, pSession);
+			}
+			else if (res.getStatus() == HTTPResponse::HTTP_USEPROXY && !retry)
+			{
+				// The requested resource MUST be accessed through the proxy 
+				// given by the Location field. The Location field gives the 
+				// URI of the proxy. The recipient is expected to repeat this 
+				// single request via the proxy. 305 responses MUST only be generated by origin servers.
+				// only use for one single request!
+				proxyUri.resolve(res.get("Location"));
+				delete pSession; 
+				pSession = 0;
+				retry = true; // only allow useproxy once
+			}
+			else if (res.getStatus() == HTTPResponse::HTTP_UNAUTHORIZED && !authorize)
+			{
+				authorize = true;
+				retry = true;
+				Poco::NullOutputStream null;
+				Poco::StreamCopier::copyStream(rs, null);
+			}
+			else throw HTTPException(res.getReason(), uri.toString());
+		}
+		while (retry && redirects < MAX_REDIRECTS);
+		throw HTTPException("Too many redirects", uri.toString());
+	}
+	catch (...)
+	{
+		delete pSession;
+		throw;
+	}
+}
+
+
+void HTTPSStreamFactory::registerFactory()
+{
+	URIStreamOpener::defaultOpener().registerStreamFactory("https", new HTTPSStreamFactory);
+}
+
+
+void HTTPSStreamFactory::unregisterFactory()
+{
+	URIStreamOpener::defaultOpener().unregisterStreamFactory("https");
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/InvalidCertificateHandler.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/InvalidCertificateHandler.cpp
new file mode 100644
index 0000000000..7cf68613c4
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/InvalidCertificateHandler.cpp
@@ -0,0 +1,52 @@
+//
+// InvalidCertificateHandler.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  InvalidCertificateHandler
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/InvalidCertificateHandler.h"
+#include "Poco/Net/SSLManager.h"
+#include "Poco/Delegate.h"
+
+
+using Poco::Delegate;
+
+
+namespace Poco {
+namespace Net {
+
+
+InvalidCertificateHandler::InvalidCertificateHandler(bool handleErrorsOnServerSide): _handleErrorsOnServerSide(handleErrorsOnServerSide)
+{
+	if (_handleErrorsOnServerSide)
+		SSLManager::instance().ServerVerificationError += Delegate<InvalidCertificateHandler, VerificationErrorArgs>(this, &InvalidCertificateHandler::onInvalidCertificate);
+	else
+		SSLManager::instance().ClientVerificationError += Delegate<InvalidCertificateHandler, VerificationErrorArgs>(this, &InvalidCertificateHandler::onInvalidCertificate);
+}
+
+
+InvalidCertificateHandler::~InvalidCertificateHandler()
+{
+	try
+	{
+		if (_handleErrorsOnServerSide)
+			SSLManager::instance().ServerVerificationError -= Delegate<InvalidCertificateHandler, VerificationErrorArgs>(this, &InvalidCertificateHandler::onInvalidCertificate);
+		else
+			SSLManager::instance().ClientVerificationError -= Delegate<InvalidCertificateHandler, VerificationErrorArgs>(this, &InvalidCertificateHandler::onInvalidCertificate);
+	}
+	catch (...)
+	{
+		poco_unexpected();
+	}
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/KeyConsoleHandler.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/KeyConsoleHandler.cpp
new file mode 100644
index 0000000000..a0a144216e
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/KeyConsoleHandler.cpp
@@ -0,0 +1,40 @@
+//
+// KeyConsoleHandler.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  KeyConsoleHandler
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/KeyConsoleHandler.h"
+#include <iostream>
+
+
+namespace Poco {
+namespace Net {
+
+
+KeyConsoleHandler::KeyConsoleHandler(bool server):PrivateKeyPassphraseHandler(server)
+{
+}
+
+
+KeyConsoleHandler::~KeyConsoleHandler()
+{
+}
+
+
+void KeyConsoleHandler::onPrivateKeyRequested(const void* /*pSender*/, std::string& privateKey)
+{
+	std::cout << "Please enter the passphrase for the private key: ";
+	std::cin >> privateKey;
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/KeyFileHandler.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/KeyFileHandler.cpp
new file mode 100644
index 0000000000..d188b4575c
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/KeyFileHandler.cpp
@@ -0,0 +1,61 @@
+//
+// KeyFileHandler.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  KeyFileHandler
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/KeyFileHandler.h"
+#include "Poco/Net/SSLManager.h"
+#include "Poco/File.h"
+#include "Poco/Util/AbstractConfiguration.h"
+#include "Poco/Util/Application.h"
+#include "Poco/Util/OptionException.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+const std::string KeyFileHandler::CFG_PRIV_KEY_FILE("privateKeyPassphraseHandler.options.password");
+
+
+KeyFileHandler::KeyFileHandler(bool server):PrivateKeyPassphraseHandler(server)
+{
+}
+
+
+KeyFileHandler::~KeyFileHandler()
+{
+}
+
+
+void KeyFileHandler::onPrivateKeyRequested(const void* /*pSender*/, std::string& privateKey)
+{
+	try
+	{
+		Poco::Util::AbstractConfiguration& config = Poco::Util::Application::instance().config();
+		std::string prefix = serverSide() ? SSLManager::CFG_SERVER_PREFIX : SSLManager::CFG_CLIENT_PREFIX;
+		if (!config.hasProperty(prefix + CFG_PRIV_KEY_FILE))
+			throw Poco::Util::EmptyOptionException(std::string("Missing Configuration Entry: ") + prefix + CFG_PRIV_KEY_FILE);
+		
+		privateKey = config.getString(prefix + CFG_PRIV_KEY_FILE);
+	}
+	catch (Poco::NullPointerException&)
+	{
+		throw Poco::IllegalStateException(
+			"An application configuration is required to obtain the private key passphrase, "
+			"but no Poco::Util::Application instance is available."
+			);
+	}
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyFactory.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyFactory.cpp
new file mode 100644
index 0000000000..90297c351e
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyFactory.cpp
@@ -0,0 +1,44 @@
+//
+// PrivateKeyFactory.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  PrivateKeyFactory
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/PrivateKeyFactory.h"
+#include "Poco/Net/SSLManager.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+PrivateKeyFactory::PrivateKeyFactory()
+{
+}
+
+
+PrivateKeyFactory::~PrivateKeyFactory()
+{
+}
+
+
+PrivateKeyFactoryRegistrar::PrivateKeyFactoryRegistrar(const std::string& name, PrivateKeyFactory* pFactory)
+{
+	SSLManager::instance().privateKeyFactoryMgr().setFactory(name, pFactory);
+}
+
+
+PrivateKeyFactoryRegistrar::~PrivateKeyFactoryRegistrar()
+{
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyFactoryMgr.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyFactoryMgr.cpp
new file mode 100644
index 0000000000..94b4ad34ba
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyFactoryMgr.cpp
@@ -0,0 +1,67 @@
+//
+// PrivateKeyFactoryMgr.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  PrivateKeyFactoryMgr
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/PrivateKeyFactoryMgr.h"
+#include "Poco/Net/KeyFileHandler.h"
+#include "Poco/Net/KeyConsoleHandler.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+PrivateKeyFactoryMgr::PrivateKeyFactoryMgr()
+{
+	setFactory("KeyFileHandler", new PrivateKeyFactoryImpl<KeyFileHandler>());
+	setFactory("KeyConsoleHandler", new PrivateKeyFactoryImpl<KeyConsoleHandler>());
+}
+
+
+PrivateKeyFactoryMgr::~PrivateKeyFactoryMgr()
+{
+}
+
+
+void PrivateKeyFactoryMgr::setFactory(const std::string& name, PrivateKeyFactory* pFactory)
+{
+	bool success = _factories.insert(make_pair(name, Poco::SharedPtr<PrivateKeyFactory>(pFactory))).second;
+	if (!success)
+		delete pFactory;
+	poco_assert(success);
+}
+		
+
+bool PrivateKeyFactoryMgr::hasFactory(const std::string& name) const
+{
+	return _factories.find(name) != _factories.end();
+}
+		
+	
+const PrivateKeyFactory* PrivateKeyFactoryMgr::getFactory(const std::string& name) const
+{
+	FactoriesMap::const_iterator it = _factories.find(name);
+	if (it != _factories.end())
+		return it->second;
+	else
+		return 0;
+}
+
+
+void PrivateKeyFactoryMgr::removeFactory(const std::string& name)
+{
+	_factories.erase(name);
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyPassphraseHandler.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyPassphraseHandler.cpp
new file mode 100644
index 0000000000..9c1386c74c
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/PrivateKeyPassphraseHandler.cpp
@@ -0,0 +1,46 @@
+//
+// PrivateKeyPassphraseHandler.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  PrivateKeyPassphraseHandler
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/PrivateKeyPassphraseHandler.h"
+#include "Poco/Net/SSLManager.h"
+#include "Poco/Delegate.h"
+
+
+using Poco::Delegate;
+
+
+namespace Poco {
+namespace Net {
+
+
+PrivateKeyPassphraseHandler::PrivateKeyPassphraseHandler(bool onServerSide): _serverSide(onServerSide)
+{
+	SSLManager::instance().PrivateKeyPassphraseRequired += Delegate<PrivateKeyPassphraseHandler, std::string>(this, &PrivateKeyPassphraseHandler::onPrivateKeyRequested);
+}
+
+
+PrivateKeyPassphraseHandler::~PrivateKeyPassphraseHandler()
+{
+	try
+	{
+		SSLManager::instance().PrivateKeyPassphraseRequired -= Delegate<PrivateKeyPassphraseHandler, std::string>(this, &PrivateKeyPassphraseHandler::onPrivateKeyRequested);
+	}
+	catch (...)
+	{
+		poco_unexpected();
+	}
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/RejectCertificateHandler.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/RejectCertificateHandler.cpp
new file mode 100644
index 0000000000..1502a13e86
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/RejectCertificateHandler.cpp
@@ -0,0 +1,38 @@
+//
+// RejectCertificateHandler.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  RejectCertificateHandler
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/RejectCertificateHandler.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+RejectCertificateHandler::RejectCertificateHandler(bool server): InvalidCertificateHandler(server)
+{
+}
+
+
+RejectCertificateHandler::~RejectCertificateHandler()
+{
+}
+
+
+void RejectCertificateHandler::onInvalidCertificate(const void*, VerificationErrorArgs& errorCert)
+{
+	errorCert.setIgnoreError(false);
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/SSLException.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/SSLException.cpp
new file mode 100644
index 0000000000..2b64d2a4d6
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/SSLException.cpp
@@ -0,0 +1,30 @@
+//
+// SSLException.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  SSLException
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/SSLException.h"
+#include <typeinfo>
+
+
+namespace Poco {
+namespace Net {
+
+
+POCO_IMPLEMENT_EXCEPTION(SSLException, NetException, "SSL Exception")
+POCO_IMPLEMENT_EXCEPTION(SSLContextException, SSLException, "SSL context exception")
+POCO_IMPLEMENT_EXCEPTION(InvalidCertificateException, SSLException, "Invalid certficate")
+POCO_IMPLEMENT_EXCEPTION(CertificateValidationException, SSLException, "Certificate validation error")
+POCO_IMPLEMENT_EXCEPTION(SSLConnectionUnexpectedlyClosedException, SSLException, "SSL connection unexpectedly closed")
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/SSLManager.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/SSLManager.cpp
new file mode 100644
index 0000000000..abb4389f26
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/SSLManager.cpp
@@ -0,0 +1,460 @@
+//
+// SSLManager.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  SSLManager
+//
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/SSLManager.h"
+#include "Poco/Net/Context.h"
+#include "Poco/Net/Utility.h"
+#include "Poco/Net/PrivateKeyPassphraseHandler.h"
+#include "Poco/Net/RejectCertificateHandler.h"
+#include "Poco/Crypto/OpenSSLInitializer.h"
+#include "Poco/Net/SSLException.h"
+#include "Poco/SingletonHolder.h"
+#include "Poco/Delegate.h"
+#include "Poco/StringTokenizer.h"
+#include "Poco/Util/Application.h"
+#include "Poco/Util/OptionException.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+const std::string SSLManager::CFG_PRIV_KEY_FILE("privateKeyFile");
+const std::string SSLManager::CFG_CERTIFICATE_FILE("certificateFile");
+const std::string SSLManager::CFG_CA_LOCATION("caConfig");
+const std::string SSLManager::CFG_VER_MODE("verificationMode");
+const Context::VerificationMode SSLManager::VAL_VER_MODE(Context::VERIFY_RELAXED);
+const std::string SSLManager::CFG_VER_DEPTH("verificationDepth");
+const int         SSLManager::VAL_VER_DEPTH(9);
+const std::string SSLManager::CFG_ENABLE_DEFAULT_CA("loadDefaultCAFile");
+const bool        SSLManager::VAL_ENABLE_DEFAULT_CA(true);
+const std::string SSLManager::CFG_CIPHER_LIST("cipherList");
+const std::string SSLManager::CFG_CYPHER_LIST("cypherList");
+const std::string SSLManager::VAL_CIPHER_LIST("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
+const std::string SSLManager::CFG_PREFER_SERVER_CIPHERS("preferServerCiphers");
+const std::string SSLManager::CFG_DELEGATE_HANDLER("privateKeyPassphraseHandler.name");
+const std::string SSLManager::VAL_DELEGATE_HANDLER("KeyConsoleHandler");
+const std::string SSLManager::CFG_CERTIFICATE_HANDLER("invalidCertificateHandler.name");
+const std::string SSLManager::VAL_CERTIFICATE_HANDLER("ConsoleCertificateHandler");
+const std::string SSLManager::CFG_SERVER_PREFIX("openSSL.server.");
+const std::string SSLManager::CFG_CLIENT_PREFIX("openSSL.client.");
+const std::string SSLManager::CFG_CACHE_SESSIONS("cacheSessions");
+const std::string SSLManager::CFG_SESSION_ID_CONTEXT("sessionIdContext");
+const std::string SSLManager::CFG_SESSION_CACHE_SIZE("sessionCacheSize");
+const std::string SSLManager::CFG_SESSION_TIMEOUT("sessionTimeout");
+const std::string SSLManager::CFG_EXTENDED_VERIFICATION("extendedVerification");
+const std::string SSLManager::CFG_REQUIRE_TLSV1("requireTLSv1");
+const std::string SSLManager::CFG_REQUIRE_TLSV1_1("requireTLSv1_1");
+const std::string SSLManager::CFG_REQUIRE_TLSV1_2("requireTLSv1_2");
+const std::string SSLManager::CFG_DISABLE_PROTOCOLS("disableProtocols");
+const std::string SSLManager::CFG_DH_PARAMS_FILE("dhParamsFile");
+const std::string SSLManager::CFG_ECDH_CURVE("ecdhCurve");
+#ifdef OPENSSL_FIPS
+const std::string SSLManager::CFG_FIPS_MODE("openSSL.fips");
+const bool        SSLManager::VAL_FIPS_MODE(false);
+#endif
+
+
+SSLManager::SSLManager()
+{
+}
+
+
+SSLManager::~SSLManager()
+{
+	try
+	{
+		shutdown();
+	}
+	catch (...)
+	{
+		poco_unexpected();
+	}
+}
+
+
+void SSLManager::shutdown()
+{
+	PrivateKeyPassphraseRequired.clear();
+	ClientVerificationError.clear();
+	ServerVerificationError.clear();
+	_ptrDefaultServerContext = 0;
+	_ptrDefaultClientContext = 0;
+}
+
+
+namespace
+{
+	static Poco::SingletonHolder<SSLManager> singleton;
+}
+
+
+SSLManager& SSLManager::instance()
+{
+	return *singleton.get();
+}
+
+
+void SSLManager::initializeServer(PrivateKeyPassphraseHandlerPtr ptrPassphraseHandler, InvalidCertificateHandlerPtr ptrHandler, Context::Ptr ptrContext)
+{
+	_ptrServerPassphraseHandler  = ptrPassphraseHandler;
+	_ptrServerCertificateHandler = ptrHandler;
+	_ptrDefaultServerContext     = ptrContext;
+}
+
+
+void SSLManager::initializeClient(PrivateKeyPassphraseHandlerPtr ptrPassphraseHandler, InvalidCertificateHandlerPtr ptrHandler, Context::Ptr ptrContext)
+{
+	_ptrClientPassphraseHandler  = ptrPassphraseHandler;
+	_ptrClientCertificateHandler = ptrHandler;
+	_ptrDefaultClientContext     = ptrContext;
+}
+
+
+Context::Ptr SSLManager::defaultServerContext()
+{
+	Poco::FastMutex::ScopedLock lock(_mutex);
+	
+	if (!_ptrDefaultServerContext)
+		initDefaultContext(true);
+
+	return _ptrDefaultServerContext;
+}
+
+
+Context::Ptr SSLManager::defaultClientContext()
+{
+	Poco::FastMutex::ScopedLock lock(_mutex);
+
+	if (!_ptrDefaultClientContext)
+	{
+		try
+		{
+			initDefaultContext(false);
+		}
+		catch (Poco::IllegalStateException&)
+		{
+			_ptrClientCertificateHandler = new RejectCertificateHandler(false);
+			_ptrDefaultClientContext = new Context(Context::CLIENT_USE, "", Context::VERIFY_RELAXED, 9, true);
+			_ptrDefaultClientContext->disableProtocols(Context::PROTO_SSLV2 | Context::PROTO_SSLV3);
+		}
+	}
+		
+	return _ptrDefaultClientContext;
+}
+
+
+SSLManager::PrivateKeyPassphraseHandlerPtr SSLManager::serverPassphraseHandler()
+{
+	Poco::FastMutex::ScopedLock lock(_mutex);
+
+	if (!_ptrServerPassphraseHandler)
+		initPassphraseHandler(true);
+
+	return _ptrServerPassphraseHandler;
+}
+
+
+SSLManager::PrivateKeyPassphraseHandlerPtr SSLManager::clientPassphraseHandler()
+{
+	Poco::FastMutex::ScopedLock lock(_mutex);
+
+	if (!_ptrClientPassphraseHandler)
+		initPassphraseHandler(false);
+
+	return _ptrClientPassphraseHandler;
+}
+
+
+SSLManager::InvalidCertificateHandlerPtr SSLManager::serverCertificateHandler()
+{
+	Poco::FastMutex::ScopedLock lock(_mutex);
+
+	if (!_ptrServerCertificateHandler)
+		initCertificateHandler(true);
+
+	return _ptrServerCertificateHandler;
+}
+
+
+SSLManager::InvalidCertificateHandlerPtr SSLManager::clientCertificateHandler()
+{
+	Poco::FastMutex::ScopedLock lock(_mutex);
+
+	if (!_ptrClientCertificateHandler)
+		initCertificateHandler(false);
+
+	return _ptrClientCertificateHandler;
+}
+
+
+int SSLManager::verifyCallback(bool server, int ok, X509_STORE_CTX* pStore)
+{
+	if (!ok)
+	{
+		X509* pCert = X509_STORE_CTX_get_current_cert(pStore);
+		X509Certificate x509(pCert, true);
+		int depth = X509_STORE_CTX_get_error_depth(pStore);
+		int err = X509_STORE_CTX_get_error(pStore);
+		std::string error(X509_verify_cert_error_string(err));
+		VerificationErrorArgs args(x509, depth, err, error);
+		if (server)
+			SSLManager::instance().ServerVerificationError.notify(&SSLManager::instance(), args);
+		else
+			SSLManager::instance().ClientVerificationError.notify(&SSLManager::instance(), args);
+		ok = args.getIgnoreError() ? 1 : 0;
+	}
+
+	return ok;
+}
+
+
+int SSLManager::privateKeyPassphraseCallback(char* pBuf, int size, int /*flag*/, void* /*userData*/)
+{
+	std::string pwd;
+	SSLManager::instance().PrivateKeyPassphraseRequired.notify(&SSLManager::instance(), pwd);
+
+	strncpy(pBuf, (char *)(pwd.c_str()), size);
+	pBuf[size - 1] = '\0';
+	if (size > pwd.length())
+		size = (int) pwd.length();
+
+	return size;
+}
+
+
+void SSLManager::initDefaultContext(bool server)
+{
+	if (server && _ptrDefaultServerContext) return;
+	if (!server && _ptrDefaultClientContext) return;
+
+	Poco::Crypto::OpenSSLInitializer openSSLInitializer;
+	initEvents(server);
+	Poco::Util::AbstractConfiguration& config = appConfig();
+
+#ifdef OPENSSL_FIPS
+	bool fipsEnabled = config.getBool(CFG_FIPS_MODE, VAL_FIPS_MODE);
+	if (fipsEnabled && !Poco::Crypto::OpenSSLInitializer::isFIPSEnabled())
+	{
+		Poco::Crypto::OpenSSLInitializer::enableFIPSMode(true);
+	}
+#endif
+
+	std::string prefix = server ? CFG_SERVER_PREFIX : CFG_CLIENT_PREFIX;
+
+	Context::Params params;
+	// mandatory options
+	params.privateKeyFile = config.getString(prefix + CFG_PRIV_KEY_FILE, "");
+	params.certificateFile = config.getString(prefix + CFG_CERTIFICATE_FILE, params.privateKeyFile);	
+	params.caLocation = config.getString(prefix + CFG_CA_LOCATION, "");
+
+	if (server && params.certificateFile.empty() && params.privateKeyFile.empty())
+		throw SSLException("Configuration error: no certificate file has been specified");
+
+	// optional options for which we have defaults defined
+	params.verificationMode = VAL_VER_MODE;
+	if (config.hasProperty(prefix + CFG_VER_MODE))
+	{
+		// either: none, relaxed, strict, once
+		std::string mode = config.getString(prefix + CFG_VER_MODE);
+		params.verificationMode = Utility::convertVerificationMode(mode);
+	}
+
+	params.verificationDepth = config.getInt(prefix + CFG_VER_DEPTH, VAL_VER_DEPTH);
+	params.loadDefaultCAs = config.getBool(prefix + CFG_ENABLE_DEFAULT_CA, VAL_ENABLE_DEFAULT_CA);
+	params.cipherList = config.getString(prefix + CFG_CIPHER_LIST, VAL_CIPHER_LIST);
+	params.cipherList = config.getString(prefix + CFG_CYPHER_LIST, params.cipherList); // for backwards compatibility
+	bool requireTLSv1 = config.getBool(prefix + CFG_REQUIRE_TLSV1, false);
+	bool requireTLSv1_1 = config.getBool(prefix + CFG_REQUIRE_TLSV1_1, false);
+	bool requireTLSv1_2 = config.getBool(prefix + CFG_REQUIRE_TLSV1_2, false);
+
+	params.dhParamsFile = config.getString(prefix + CFG_DH_PARAMS_FILE, "");
+	params.ecdhCurve    = config.getString(prefix + CFG_ECDH_CURVE, "");
+
+	Context::Usage usage;
+	
+	if (server)
+	{
+		if (requireTLSv1_2)
+			usage = Context::TLSV1_2_SERVER_USE;
+		else if (requireTLSv1_1)
+			usage = Context::TLSV1_1_SERVER_USE;
+		else if (requireTLSv1)
+			usage = Context::TLSV1_SERVER_USE;
+		else
+			usage = Context::SERVER_USE;
+		_ptrDefaultServerContext = new Context(usage, params);
+	}
+	else
+	{
+		if (requireTLSv1_2)
+			usage = Context::TLSV1_2_CLIENT_USE;
+		else if (requireTLSv1_1)
+			usage = Context::TLSV1_1_CLIENT_USE;
+		else if (requireTLSv1)
+			usage = Context::TLSV1_CLIENT_USE;
+		else
+			usage = Context::CLIENT_USE;
+		_ptrDefaultClientContext = new Context(usage, params);
+	}
+	
+	std::string disabledProtocolsList = config.getString(prefix + CFG_DISABLE_PROTOCOLS, "");
+	Poco::StringTokenizer dpTok(disabledProtocolsList, ";,", Poco::StringTokenizer::TOK_TRIM | Poco::StringTokenizer::TOK_IGNORE_EMPTY);
+	int disabledProtocols = 0;
+	for (Poco::StringTokenizer::Iterator it = dpTok.begin(); it != dpTok.end(); ++it)
+	{
+		if (*it == "sslv2")
+			disabledProtocols |= Context::PROTO_SSLV2;
+		else if (*it == "sslv3")
+			disabledProtocols |= Context::PROTO_SSLV3;
+		else if (*it == "tlsv1")
+			disabledProtocols |= Context::PROTO_TLSV1;
+		else if (*it == "tlsv1_1")
+			disabledProtocols |= Context::PROTO_TLSV1_1;
+		else if (*it == "tlsv1_2")
+			disabledProtocols |= Context::PROTO_TLSV1_2;
+	}
+	if (server)
+		_ptrDefaultServerContext->disableProtocols(disabledProtocols);
+	else
+		_ptrDefaultClientContext->disableProtocols(disabledProtocols);
+		
+	bool cacheSessions = config.getBool(prefix + CFG_CACHE_SESSIONS, false);
+	if (server)
+	{
+		std::string sessionIdContext = config.getString(prefix + CFG_SESSION_ID_CONTEXT, config.getString("application.name", ""));
+		_ptrDefaultServerContext->enableSessionCache(cacheSessions, sessionIdContext);
+		if (config.hasProperty(prefix + CFG_SESSION_CACHE_SIZE))
+		{
+			int cacheSize = config.getInt(prefix + CFG_SESSION_CACHE_SIZE);
+			_ptrDefaultServerContext->setSessionCacheSize(cacheSize);
+		}
+		if (config.hasProperty(prefix + CFG_SESSION_TIMEOUT))
+		{
+			int timeout = config.getInt(prefix + CFG_SESSION_TIMEOUT);
+			_ptrDefaultServerContext->setSessionTimeout(timeout);
+		}
+	}
+	else
+	{
+		_ptrDefaultClientContext->enableSessionCache(cacheSessions);
+	}
+	bool extendedVerification = config.getBool(prefix + CFG_EXTENDED_VERIFICATION, false);
+	if (server)
+		_ptrDefaultServerContext->enableExtendedCertificateVerification(extendedVerification);
+	else
+		_ptrDefaultClientContext->enableExtendedCertificateVerification(extendedVerification);
+
+	bool preferServerCiphers = config.getBool(prefix + CFG_PREFER_SERVER_CIPHERS, false);
+	if (preferServerCiphers)
+	{
+		if (server)
+			_ptrDefaultServerContext->preferServerCiphers();
+		else
+			_ptrDefaultClientContext->preferServerCiphers();
+	}
+}
+
+
+void SSLManager::initEvents(bool server)
+{
+	initPassphraseHandler(server);
+	initCertificateHandler(server);
+}
+
+
+void SSLManager::initPassphraseHandler(bool server)
+{
+	if (server && _ptrServerPassphraseHandler) return;
+	if (!server && _ptrClientPassphraseHandler) return;
+	
+	std::string prefix = server ? CFG_SERVER_PREFIX : CFG_CLIENT_PREFIX;
+	Poco::Util::AbstractConfiguration& config = appConfig();
+
+	std::string className(config.getString(prefix + CFG_DELEGATE_HANDLER, VAL_DELEGATE_HANDLER));
+
+	const PrivateKeyFactory* pFactory = 0;
+	if (privateKeyFactoryMgr().hasFactory(className))
+	{
+		pFactory = privateKeyFactoryMgr().getFactory(className);
+	}
+
+	if (pFactory)
+	{
+		if (server)
+			_ptrServerPassphraseHandler = pFactory->create(server);
+		else
+			_ptrClientPassphraseHandler = pFactory->create(server);
+	}
+	else throw Poco::Util::UnknownOptionException(std::string("No passphrase handler known with the name ") + className);
+}
+	
+
+void SSLManager::initCertificateHandler(bool server)
+{
+	if (server && _ptrServerCertificateHandler) return;
+	if (!server && _ptrClientCertificateHandler) return;
+
+	std::string prefix = server ? CFG_SERVER_PREFIX : CFG_CLIENT_PREFIX;
+	Poco::Util::AbstractConfiguration& config = appConfig();
+
+	std::string className(config.getString(prefix+CFG_CERTIFICATE_HANDLER, VAL_CERTIFICATE_HANDLER));
+
+	const CertificateHandlerFactory* pFactory = 0;
+	if (certificateHandlerFactoryMgr().hasFactory(className))
+	{
+		pFactory = certificateHandlerFactoryMgr().getFactory(className);
+	}
+
+	if (pFactory)
+	{
+		if (server)
+			_ptrServerCertificateHandler = pFactory->create(true);
+		else
+			_ptrClientCertificateHandler = pFactory->create(false);
+	}
+	else throw Poco::Util::UnknownOptionException(std::string("No InvalidCertificate handler known with the name ") + className);
+}
+
+
+Poco::Util::AbstractConfiguration& SSLManager::appConfig()
+{
+	try
+	{
+		return Poco::Util::Application::instance().config();
+	}
+	catch (Poco::NullPointerException&)
+	{
+		throw Poco::IllegalStateException(
+			"An application configuration is required to initialize the Poco::Net::SSLManager, "
+			"but no Poco::Util::Application instance is available."
+		);
+	}
+}
+
+
+void initializeSSL()
+{
+	Poco::Crypto::initializeCrypto();
+}
+
+
+void uninitializeSSL()
+{
+	SSLManager::instance().shutdown();
+	Poco::Crypto::uninitializeCrypto();
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/SecureSMTPClientSession.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureSMTPClientSession.cpp
new file mode 100644
index 0000000000..c1a9569bc7
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureSMTPClientSession.cpp
@@ -0,0 +1,64 @@
+//
+// SecureSMTPClientSession.h
+//
+// Library: NetSSL_OpenSSL
+// Package: Mail
+// Module:  SecureSMTPClientSession
+//
+// Copyright (c) 2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/SecureSMTPClientSession.h"
+#include "Poco/Net/SecureStreamSocket.h"
+#include "Poco/Net/SSLManager.h"
+#include "Poco/Net/DialogSocket.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+SecureSMTPClientSession::SecureSMTPClientSession(const StreamSocket& socket):
+	SMTPClientSession(socket)
+{
+}
+
+
+SecureSMTPClientSession::SecureSMTPClientSession(const std::string& host, Poco::UInt16 port):
+	SMTPClientSession(host, port),
+	_host(host)
+{
+}
+
+
+SecureSMTPClientSession::~SecureSMTPClientSession()
+{
+}
+
+
+bool SecureSMTPClientSession::startTLS()
+{
+	return startTLS(SSLManager::instance().defaultClientContext());
+}
+
+
+bool SecureSMTPClientSession::startTLS(Context::Ptr pContext)
+{
+	int status = 0;
+	std::string response;
+	
+	status = sendCommand("STARTTLS", response);
+	if (!isPositiveCompletion(status)) return false;
+
+	SecureStreamSocket sss(SecureStreamSocket::attach(socket(), _host, pContext));
+	socket() = sss;
+	
+	return true;
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/SecureServerSocket.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureServerSocket.cpp
new file mode 100644
index 0000000000..a394304ace
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureServerSocket.cpp
@@ -0,0 +1,121 @@
+//
+// SecureServerSocket.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLSockets
+// Module:  SecureServerSocket
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/SecureServerSocket.h"
+#include "Poco/Net/SecureServerSocketImpl.h"
+#include "Poco/Net/SecureStreamSocket.h"
+#include "Poco/Net/SSLManager.h"
+#include "Poco/Exception.h"
+
+
+using Poco::InvalidArgumentException;
+
+
+namespace Poco {
+namespace Net {
+
+
+SecureServerSocket::SecureServerSocket(): 
+	ServerSocket(new SecureServerSocketImpl(SSLManager::instance().defaultServerContext()), true)
+{
+}
+
+
+SecureServerSocket::SecureServerSocket(Context::Ptr pContext):
+	ServerSocket(new SecureServerSocketImpl(pContext), true)
+{
+}
+
+
+SecureServerSocket::SecureServerSocket(const Socket& socket): 
+	ServerSocket(socket)
+{
+	if (!dynamic_cast<SecureServerSocketImpl*>(impl()))
+		throw InvalidArgumentException("Cannot assign incompatible socket");
+}
+
+
+SecureServerSocket::SecureServerSocket(const SocketAddress& address, int backlog): 
+	ServerSocket(new SecureServerSocketImpl(SSLManager::instance().defaultServerContext()), true)
+{
+	impl()->bind(address, true);
+	impl()->listen(backlog);
+}
+
+
+SecureServerSocket::SecureServerSocket(const SocketAddress& address, int backlog, Context::Ptr pContext): 
+	ServerSocket(new SecureServerSocketImpl(pContext), true)
+{
+	impl()->bind(address, true);
+	impl()->listen(backlog);
+}
+
+
+SecureServerSocket::SecureServerSocket(Poco::UInt16 port, int backlog): 
+	ServerSocket(new SecureServerSocketImpl(SSLManager::instance().defaultServerContext()), true)
+{
+	IPAddress wildcardAddr;
+	SocketAddress address(wildcardAddr, port);
+	impl()->bind(address, true);
+	impl()->listen(backlog);
+}
+
+SecureServerSocket::SecureServerSocket(Poco::UInt16 port, int backlog, Context::Ptr pContext): 
+	ServerSocket(new SecureServerSocketImpl(pContext), true)
+{
+	IPAddress wildcardAddr;
+	SocketAddress address(wildcardAddr, port);
+	impl()->bind(address, true);
+	impl()->listen(backlog);
+}
+
+
+SecureServerSocket::~SecureServerSocket()
+{
+}
+
+
+SecureServerSocket& SecureServerSocket::operator = (const Socket& socket)
+{
+	if (&socket != this)
+	{
+		if (dynamic_cast<SecureServerSocketImpl*>(socket.impl()))
+			ServerSocket::operator = (socket);
+		else
+			throw InvalidArgumentException("Cannot assign incompatible socket");
+	}
+	return *this;
+}
+
+
+StreamSocket SecureServerSocket::acceptConnection(SocketAddress& clientAddr)
+{
+	return SecureStreamSocket(impl()->acceptConnection(clientAddr));
+}
+
+
+StreamSocket SecureServerSocket::acceptConnection()
+{
+	SocketAddress clientAddr;
+	return SecureStreamSocket(impl()->acceptConnection(clientAddr));
+}
+
+
+Context::Ptr SecureServerSocket::context() const
+{
+	return static_cast<SecureServerSocketImpl*>(impl())->context();
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/SecureServerSocketImpl.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureServerSocketImpl.cpp
new file mode 100644
index 0000000000..0175622a73
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureServerSocketImpl.cpp
@@ -0,0 +1,122 @@
+//
+// SecureServerSocketImpl.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLSockets
+// Module:  SecureServerSocketImpl
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/SecureServerSocketImpl.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+SecureServerSocketImpl::SecureServerSocketImpl(Context::Ptr pContext):
+	_impl(new ServerSocketImpl, pContext)
+{
+}
+
+
+SecureServerSocketImpl::~SecureServerSocketImpl()
+{
+	try
+	{
+		reset();
+	}
+	catch (...)
+	{
+		poco_unexpected();
+	}
+}
+
+
+SocketImpl* SecureServerSocketImpl::acceptConnection(SocketAddress& clientAddr)
+{
+	return _impl.acceptConnection(clientAddr);
+}
+
+
+void SecureServerSocketImpl::connect(const SocketAddress& /*address*/)
+{
+	throw Poco::InvalidAccessException("Cannot connect() a SecureServerSocket");
+}
+
+
+void SecureServerSocketImpl::connect(const SocketAddress& /*address*/, const Poco::Timespan& /*timeout*/)
+{
+	throw Poco::InvalidAccessException("Cannot connect() a SecureServerSocket");
+}
+	
+
+void SecureServerSocketImpl::connectNB(const SocketAddress& /*address*/)
+{
+	throw Poco::InvalidAccessException("Cannot connect() a SecureServerSocket");
+}
+	
+
+void SecureServerSocketImpl::bind(const SocketAddress& address, bool reuseAddress, bool reusePort)
+{
+	_impl.bind(address, reuseAddress, reusePort);
+	reset(_impl.sockfd());
+}
+
+	
+void SecureServerSocketImpl::listen(int backlog)
+{
+	_impl.listen(backlog);
+	reset(_impl.sockfd());
+}
+	
+
+void SecureServerSocketImpl::close()
+{
+	reset();
+	_impl.close();
+}
+	
+
+int SecureServerSocketImpl::sendBytes(const void* /*buffer*/, int /*length*/, int /*flags*/)
+{
+	throw Poco::InvalidAccessException("Cannot sendBytes() on a SecureServerSocket");
+}
+
+
+int SecureServerSocketImpl::receiveBytes(void* /*buffer*/, int /*length*/, int /*flags*/)
+{
+	throw Poco::InvalidAccessException("Cannot receiveBytes() on a SecureServerSocket");
+}
+
+
+int SecureServerSocketImpl::sendTo(const void* /*buffer*/, int /*length*/, const SocketAddress& /*address*/, int /*flags*/)
+{
+	throw Poco::InvalidAccessException("Cannot sendTo() on a SecureServerSocket");
+}
+
+
+int SecureServerSocketImpl::receiveFrom(void* /*buffer*/, int /*length*/, SocketAddress& /*address*/, int /*flags*/)
+{
+	throw Poco::InvalidAccessException("Cannot receiveFrom() on a SecureServerSocket");
+}
+
+
+void SecureServerSocketImpl::sendUrgent(unsigned char /*data*/)
+{
+	throw Poco::InvalidAccessException("Cannot sendUrgent() on a SecureServerSocket");
+}
+
+
+bool SecureServerSocketImpl::secure() const
+{
+	return true;
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp
new file mode 100644
index 0000000000..ef924d66ac
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp
@@ -0,0 +1,601 @@
+//
+// SecureSocketImpl.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLSockets
+// Module:  SecureSocketImpl
+//
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/SecureSocketImpl.h"
+#include "Poco/Net/SSLException.h"
+#include "Poco/Net/Context.h"
+#include "Poco/Net/X509Certificate.h"
+#include "Poco/Net/Utility.h"
+#include "Poco/Net/SecureStreamSocket.h"
+#include "Poco/Net/SecureStreamSocketImpl.h"
+#include "Poco/Net/StreamSocketImpl.h"
+#include "Poco/Net/StreamSocket.h"
+#include "Poco/Net/NetException.h"
+#include "Poco/Net/DNS.h"
+#include "Poco/NumberFormatter.h"
+#include "Poco/NumberParser.h"
+#include "Poco/Format.h"
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+
+
+using Poco::IOException;
+using Poco::TimeoutException;
+using Poco::InvalidArgumentException;
+using Poco::NumberFormatter;
+using Poco::Timespan;
+
+
+// workaround for C++-incompatible macro
+#define POCO_BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(void*)((n)?"a":NULL))
+
+
+namespace Poco {
+namespace Net {
+
+struct RemainingTimeCounter
+{
+	RemainingTimeCounter(Poco::Timespan& remainingTime_) : remainingTime(remainingTime_) {};
+	~RemainingTimeCounter()
+	{
+		Poco::Timestamp end;
+		Poco::Timespan waited = end - start;
+		if (waited < remainingTime)
+			remainingTime -= waited;
+		else
+			remainingTime = 0;
+	}
+private:
+	Poco::Timespan& remainingTime;
+	Poco::Timestamp start;
+};
+
+SecureSocketImpl::SecureSocketImpl(Poco::AutoPtr<SocketImpl> pSocketImpl, Context::Ptr pContext):
+	_pSSL(0),
+	_pSocket(pSocketImpl),
+	_pContext(pContext),
+	_needHandshake(false)
+{
+	poco_check_ptr (_pSocket);
+	poco_check_ptr (_pContext);
+}
+
+
+SecureSocketImpl::~SecureSocketImpl()
+{
+	try
+	{
+		reset();
+	}
+	catch (...)
+	{
+		poco_unexpected();
+	}
+}
+
+
+SocketImpl* SecureSocketImpl::acceptConnection(SocketAddress& clientAddr)
+{
+	poco_assert (!_pSSL);
+
+	StreamSocket ss = _pSocket->acceptConnection(clientAddr);
+	Poco::AutoPtr<SecureStreamSocketImpl> pSecureStreamSocketImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(ss.impl()), _pContext);
+	pSecureStreamSocketImpl->acceptSSL();
+	pSecureStreamSocketImpl->duplicate();
+	return pSecureStreamSocketImpl;
+}
+
+
+void SecureSocketImpl::acceptSSL()
+{
+	poco_assert (!_pSSL);
+
+	BIO* pBIO = BIO_new(BIO_s_socket());
+	if (!pBIO) throw SSLException("Cannot create BIO object");
+	BIO_set_fd(pBIO, static_cast<int>(_pSocket->sockfd()), BIO_NOCLOSE);
+
+	_pSSL = SSL_new(_pContext->sslContext());
+	if (!_pSSL)
+	{
+		BIO_free(pBIO);
+		throw SSLException("Cannot create SSL object");
+	}
+	SSL_set_bio(_pSSL, pBIO, pBIO);
+	SSL_set_accept_state(_pSSL);
+	_needHandshake = true;
+}
+
+
+void SecureSocketImpl::connect(const SocketAddress& address, bool performHandshake)
+{
+	if (_pSSL) reset();
+
+	poco_assert (!_pSSL);
+
+	_pSocket->connect(address);
+	connectSSL(performHandshake);
+}
+
+
+void SecureSocketImpl::connect(const SocketAddress& address, const Poco::Timespan& timeout, bool performHandshake)
+{
+	if (_pSSL) reset();
+
+	poco_assert (!_pSSL);
+
+	_pSocket->connect(address, timeout);
+	//FIXME it updates timeouts of SecureStreamSocketImpl::underlying_socket it does not update timeouts of SecureStreamSocketImpl
+	//However, timeouts of SecureStreamSocketImpl are not used in connectSSL() and previous settings are restored after
+	Poco::Timespan receiveTimeout = _pSocket->getReceiveTimeout();
+	Poco::Timespan sendTimeout = _pSocket->getSendTimeout();
+	_pSocket->setReceiveTimeout(timeout);
+	_pSocket->setSendTimeout(timeout);
+	connectSSL(performHandshake);
+	_pSocket->setReceiveTimeout(receiveTimeout);
+	_pSocket->setSendTimeout(sendTimeout);
+}
+
+
+void SecureSocketImpl::connectNB(const SocketAddress& address)
+{
+	if (_pSSL) reset();
+
+	poco_assert (!_pSSL);
+
+	_pSocket->connectNB(address);
+	connectSSL(false);
+}
+
+
+void SecureSocketImpl::connectSSL(bool performHandshake)
+{
+	poco_assert (!_pSSL);
+	poco_assert (_pSocket->initialized());
+
+	BIO* pBIO = BIO_new(BIO_s_socket());
+	if (!pBIO) throw SSLException("Cannot create SSL BIO object");
+	BIO_set_fd(pBIO, static_cast<int>(_pSocket->sockfd()), BIO_NOCLOSE);
+
+	_pSSL = SSL_new(_pContext->sslContext());
+	if (!_pSSL)
+	{
+		BIO_free(pBIO);
+		throw SSLException("Cannot create SSL object");
+	}
+	SSL_set_bio(_pSSL, pBIO, pBIO);
+
+#if OPENSSL_VERSION_NUMBER >= 0x0908060L && !defined(OPENSSL_NO_TLSEXT)
+	if (!_peerHostName.empty())
+	{
+		SSL_set_tlsext_host_name(_pSSL, _peerHostName.c_str());
+	}
+#endif
+
+	if (_pSession)
+	{
+		SSL_set_session(_pSSL, _pSession->sslSession());
+	}
+
+	try
+	{
+		if (performHandshake && _pSocket->getBlocking())
+		{
+			int ret;
+			Poco::Timespan remaining_time = getMaxTimeout();
+			do
+			{
+				RemainingTimeCounter counter(remaining_time);
+				ret = SSL_connect(_pSSL);
+			}
+			while (mustRetry(ret, remaining_time));
+			handleError(ret);
+			verifyPeerCertificate();
+		}
+		else
+		{
+			SSL_set_connect_state(_pSSL);
+			_needHandshake = true;
+		}
+	}
+	catch (...)
+	{
+		SSL_free(_pSSL);
+		_pSSL = 0;
+		throw;
+	}
+}
+
+
+void SecureSocketImpl::bind(const SocketAddress& address, bool reuseAddress, bool reusePort)
+{
+	poco_check_ptr (_pSocket);
+
+	_pSocket->bind(address, reuseAddress, reusePort);
+}
+
+
+void SecureSocketImpl::listen(int backlog)
+{
+	poco_check_ptr (_pSocket);
+
+	_pSocket->listen(backlog);
+}
+
+
+void SecureSocketImpl::shutdown()
+{
+	if (_pSSL)
+	{
+        // Don't shut down the socket more than once.
+        int shutdownState = SSL_get_shutdown(_pSSL);
+        bool shutdownSent = (shutdownState & SSL_SENT_SHUTDOWN) == SSL_SENT_SHUTDOWN;
+        if (!shutdownSent)
+        {
+			// A proper clean shutdown would require us to
+			// retry the shutdown if we get a zero return
+			// value, until SSL_shutdown() returns 1.
+			// However, this will lead to problems with
+			// most web browsers, so we just set the shutdown
+			// flag by calling SSL_shutdown() once and be
+			// done with it.
+			int rc = SSL_shutdown(_pSSL);
+			if (rc < 0) handleError(rc);
+			if (_pSocket->getBlocking())
+			{
+				_pSocket->shutdown();
+			}
+		}
+	}
+}
+
+
+void SecureSocketImpl::close()
+{
+	try
+	{
+		shutdown();
+	}
+	catch (...)
+	{
+	}
+	_pSocket->close();
+}
+
+
+int SecureSocketImpl::sendBytes(const void* buffer, int length, int /*flags*/)
+{
+	poco_assert (_pSocket->initialized());
+	poco_check_ptr (_pSSL);
+
+	int rc;
+	if (_needHandshake)
+	{
+		rc = completeHandshake();
+		if (rc == 1)
+			verifyPeerCertificate();
+		else if (rc == 0)
+			throw SSLConnectionUnexpectedlyClosedException();
+		else
+			return rc;
+	}
+
+	Poco::Timespan remaining_time = getMaxTimeout();
+	do
+	{
+		RemainingTimeCounter counter(remaining_time);
+		rc = SSL_write(_pSSL, buffer, length);
+	}
+	while (mustRetry(rc, remaining_time));
+	if (rc <= 0)
+	{
+		rc = handleError(rc);
+		if (rc == 0) throw SSLConnectionUnexpectedlyClosedException();
+	}
+	return rc;
+}
+
+
+int SecureSocketImpl::receiveBytes(void* buffer, int length, int /*flags*/)
+{
+	poco_assert (_pSocket->initialized());
+	poco_check_ptr (_pSSL);
+
+	int rc;
+	if (_needHandshake)
+	{
+		rc = completeHandshake();
+		if (rc == 1)
+			verifyPeerCertificate();
+		else
+			return rc;
+	}
+
+	Poco::Timespan remaining_time = getMaxTimeout();
+	do
+	{
+		/// SSL record may consist of several TCP packets,
+		/// so thread can be blocked on recv/send and epoll_wait several times
+		/// until SSL_read will return rc > 0. Let's use our own time counter.
+		RemainingTimeCounter counter(remaining_time);
+		rc = SSL_read(_pSSL, buffer, length);
+	}
+	while (mustRetry(rc, remaining_time));
+	if (rc <= 0)
+	{
+		return handleError(rc);
+	}
+	return rc;
+}
+
+
+int SecureSocketImpl::available() const
+{
+	poco_check_ptr (_pSSL);
+
+	return SSL_pending(_pSSL);
+}
+
+
+int SecureSocketImpl::completeHandshake()
+{
+	poco_assert (_pSocket->initialized());
+	poco_check_ptr (_pSSL);
+
+	int rc;
+	Poco::Timespan remaining_time = getMaxTimeout();
+	do
+	{
+		RemainingTimeCounter counter(remaining_time);
+		rc = SSL_do_handshake(_pSSL);
+	}
+	while (mustRetry(rc, remaining_time));
+	if (rc <= 0)
+	{
+		return handleError(rc);
+	}
+	_needHandshake = false;
+	return rc;
+}
+
+
+void SecureSocketImpl::verifyPeerCertificate()
+{
+	if (_peerHostName.empty())
+		verifyPeerCertificate(_pSocket->peerAddress().host().toString());
+	else
+		verifyPeerCertificate(_peerHostName);
+}
+
+
+void SecureSocketImpl::verifyPeerCertificate(const std::string& hostName)
+{
+	long certErr = verifyPeerCertificateImpl(hostName);
+	if (certErr != X509_V_OK)
+	{
+		std::string msg = Utility::convertCertificateError(certErr);
+		throw CertificateValidationException("Unacceptable certificate from " + hostName, msg);
+	}
+}
+
+
+long SecureSocketImpl::verifyPeerCertificateImpl(const std::string& hostName)
+{
+	Context::VerificationMode mode = _pContext->verificationMode();
+	if (mode == Context::VERIFY_NONE || !_pContext->extendedCertificateVerificationEnabled() ||
+	    (mode != Context::VERIFY_STRICT && isLocalHost(hostName)))
+	{
+		return X509_V_OK;
+	}
+
+	X509* pCert = SSL_get_peer_certificate(_pSSL);
+	if (pCert)
+	{
+		X509Certificate cert(pCert);
+		return cert.verify(hostName) ? X509_V_OK : X509_V_ERR_APPLICATION_VERIFICATION;
+	}
+	else return X509_V_OK;
+}
+
+
+bool SecureSocketImpl::isLocalHost(const std::string& hostName)
+{
+	try
+	{
+		SocketAddress addr(hostName, 0);
+		return addr.host().isLoopback();
+	}
+	catch (Poco::Exception&)
+	{
+		return false;
+	}
+}
+
+
+X509* SecureSocketImpl::peerCertificate() const
+{
+	if (_pSSL)
+		return SSL_get_peer_certificate(_pSSL);
+	else
+		return 0;
+}
+
+Poco::Timespan SecureSocketImpl::getMaxTimeout()
+{
+	Poco::Timespan remaining_time = _pSocket->getReceiveTimeout();
+	Poco::Timespan send_timeout = _pSocket->getSendTimeout();
+	if (remaining_time < send_timeout)
+		remaining_time = send_timeout;
+	return remaining_time;
+}
+
+bool SecureSocketImpl::mustRetry(int rc, Poco::Timespan& remaining_time)
+{
+	if (rc <= 0)
+	{
+		int sslError = SSL_get_error(_pSSL, rc);
+		int socketError = _pSocket->lastError();
+		switch (sslError)
+		{
+		case SSL_ERROR_WANT_READ:
+			if (_pSocket->getBlocking())
+			{
+				/// Level-triggered mode of epoll_wait is used, so if SSL_read don't read all available data from socket,
+				/// epoll_wait returns true without waiting for new data even if remaining_time == 0
+				if (_pSocket->pollImpl(remaining_time, Poco::Net::Socket::SELECT_READ) && remaining_time != 0)
+					return true;
+				else
+					throw Poco::TimeoutException();
+			}
+			break;
+		case SSL_ERROR_WANT_WRITE:
+			if (_pSocket->getBlocking())
+			{
+				/// The same as for SSL_ERROR_WANT_READ
+				if (_pSocket->pollImpl(remaining_time, Poco::Net::Socket::SELECT_WRITE) && remaining_time != 0)
+					return true;
+				else
+					throw Poco::TimeoutException();
+			}
+			break;
+		case SSL_ERROR_SYSCALL:
+			return socketError == POCO_EAGAIN || socketError == POCO_EINTR;
+		default:
+			return socketError == POCO_EINTR;
+		}
+	}
+	return false;
+}
+
+
+int SecureSocketImpl::handleError(int rc)
+{
+	if (rc > 0) return rc;
+
+	int sslError = SSL_get_error(_pSSL, rc);
+	int error = SocketImpl::lastError();
+
+	switch (sslError)
+	{
+	case SSL_ERROR_ZERO_RETURN:
+		return 0;
+	case SSL_ERROR_WANT_READ:
+		return SecureStreamSocket::ERR_SSL_WANT_READ;
+	case SSL_ERROR_WANT_WRITE:
+		return SecureStreamSocket::ERR_SSL_WANT_WRITE;
+	case SSL_ERROR_WANT_CONNECT:
+	case SSL_ERROR_WANT_ACCEPT:
+	case SSL_ERROR_WANT_X509_LOOKUP:
+		// these should not occur
+		poco_bugcheck();
+		return rc;
+	case SSL_ERROR_SYSCALL:
+		if (error != 0)
+		{
+			SocketImpl::error(error);
+		}
+		// fallthrough
+	default:
+		{
+			long lastError = ERR_get_error();
+			if (lastError == 0)
+			{
+				if (rc == 0)
+				{
+					// Most web browsers do this, don't report an error
+					if (_pContext->isForServerUse())
+						return 0;
+					else
+						throw SSLConnectionUnexpectedlyClosedException();
+				}
+				else if (rc == -1)
+				{
+					throw SSLConnectionUnexpectedlyClosedException();
+				}
+				else
+				{
+					SecureStreamSocketImpl::error(Poco::format("The BIO reported an error: %d", rc));
+				}
+			}
+			else
+			{
+				char buffer[256];
+				ERR_error_string_n(lastError, buffer, sizeof(buffer));
+				std::string msg(buffer);
+				throw SSLException(msg);
+			}
+		}
+ 		break;
+	}
+	return rc;
+}
+
+
+void SecureSocketImpl::setPeerHostName(const std::string& peerHostName)
+{
+	_peerHostName = peerHostName;
+}
+
+
+void SecureSocketImpl::reset()
+{
+	close();
+	if (_pSSL)
+	{
+		SSL_free(_pSSL);
+		_pSSL = 0;
+	}
+}
+
+
+void SecureSocketImpl::abort()
+{
+	_pSocket->shutdown();
+}
+
+
+Session::Ptr SecureSocketImpl::currentSession()
+{
+	if (_pSSL)
+	{
+		SSL_SESSION* pSession = SSL_get1_session(_pSSL);
+		if (pSession)
+		{
+			if (_pSession && pSession == _pSession->sslSession())
+			{
+				SSL_SESSION_free(pSession);
+				return _pSession;
+			}
+			else return new Session(pSession);
+		}
+	}
+	return 0;
+}
+
+
+void SecureSocketImpl::useSession(Session::Ptr pSession)
+{
+	_pSession = pSession;
+}
+
+
+bool SecureSocketImpl::sessionWasReused()
+{
+	if (_pSSL)
+		return SSL_session_reused(_pSSL) != 0;
+	else
+		return false;
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/SecureStreamSocket.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureStreamSocket.cpp
new file mode 100644
index 0000000000..f4766ca6f9
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureStreamSocket.cpp
@@ -0,0 +1,287 @@
+//
+// SecureStreamSocket.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLSockets
+// Module:  SecureStreamSocket
+//
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/SecureStreamSocket.h"
+#include "Poco/Net/SecureStreamSocketImpl.h"
+#include "Poco/Net/SocketImpl.h"
+#include "Poco/Net/SSLManager.h"
+#include "Poco/Exception.h"
+
+
+using Poco::InvalidArgumentException;
+
+
+namespace Poco {
+namespace Net {
+
+
+SecureStreamSocket::SecureStreamSocket(): 
+	StreamSocket(new SecureStreamSocketImpl(SSLManager::instance().defaultClientContext()))
+{
+}
+
+
+SecureStreamSocket::SecureStreamSocket(Context::Ptr pContext): 
+	StreamSocket(new SecureStreamSocketImpl(pContext))
+{
+}
+
+
+SecureStreamSocket::SecureStreamSocket(Context::Ptr pContext, Session::Ptr pSession): 
+	StreamSocket(new SecureStreamSocketImpl(pContext))
+{
+	useSession(pSession);
+}
+
+
+SecureStreamSocket::SecureStreamSocket(const SocketAddress& address): 
+	StreamSocket(new SecureStreamSocketImpl(SSLManager::instance().defaultClientContext()))
+{
+	connect(address);
+}
+
+
+SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, const std::string& hostName): 
+	StreamSocket(new SecureStreamSocketImpl(SSLManager::instance().defaultClientContext()))
+{
+	static_cast<SecureStreamSocketImpl*>(impl())->setPeerHostName(hostName);
+	connect(address);
+}
+
+
+SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, Context::Ptr pContext): 
+	StreamSocket(new SecureStreamSocketImpl(pContext))
+{
+	connect(address);
+}
+
+
+SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, Context::Ptr pContext, Session::Ptr pSession): 
+	StreamSocket(new SecureStreamSocketImpl(pContext))
+{
+	useSession(pSession);
+	connect(address);
+}
+
+
+SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext): 
+	StreamSocket(new SecureStreamSocketImpl(pContext))
+{
+	static_cast<SecureStreamSocketImpl*>(impl())->setPeerHostName(hostName);
+	connect(address);
+}
+
+
+SecureStreamSocket::SecureStreamSocket(const SocketAddress& address, const std::string& hostName, Context::Ptr pContext, Session::Ptr pSession): 
+	StreamSocket(new SecureStreamSocketImpl(pContext))
+{
+	static_cast<SecureStreamSocketImpl*>(impl())->setPeerHostName(hostName);
+	useSession(pSession);
+	connect(address);
+}
+
+
+SecureStreamSocket::SecureStreamSocket(const Socket& socket): 
+	StreamSocket(socket)
+{
+	if (!dynamic_cast<SecureStreamSocketImpl*>(impl()))
+		throw InvalidArgumentException("Cannot assign incompatible socket");
+}
+
+
+SecureStreamSocket::SecureStreamSocket(SocketImpl* pImpl): 
+	StreamSocket(pImpl)
+{
+	if (!dynamic_cast<SecureStreamSocketImpl*>(impl()))
+		throw InvalidArgumentException("Cannot assign incompatible socket");
+}
+
+
+SecureStreamSocket::~SecureStreamSocket()
+{
+}
+
+
+SecureStreamSocket& SecureStreamSocket::operator = (const Socket& socket)
+{
+	if (dynamic_cast<SecureStreamSocketImpl*>(socket.impl()))
+		StreamSocket::operator = (socket);
+	else
+		throw InvalidArgumentException("Cannot assign incompatible socket");
+	return *this;
+}
+
+
+bool SecureStreamSocket::havePeerCertificate() const
+{
+	return static_cast<SecureStreamSocketImpl*>(impl())->havePeerCertificate();
+}
+
+
+X509Certificate SecureStreamSocket::peerCertificate() const
+{
+	return static_cast<SecureStreamSocketImpl*>(impl())->peerCertificate();
+}
+
+
+void SecureStreamSocket::setPeerHostName(const std::string& hostName)
+{
+	static_cast<SecureStreamSocketImpl*>(impl())->setPeerHostName(hostName);
+}
+
+	
+const std::string& SecureStreamSocket::getPeerHostName() const
+{
+	return static_cast<SecureStreamSocketImpl*>(impl())->getPeerHostName();
+}
+
+
+SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket)
+{
+	SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), SSLManager::instance().defaultClientContext());
+	SecureStreamSocket result(pImpl);
+	if (pImpl->context()->isForServerUse())
+		pImpl->acceptSSL();
+	else
+		pImpl->connectSSL();
+	return result;
+}
+
+
+SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket, Context::Ptr pContext)
+{
+	SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext);
+	SecureStreamSocket result(pImpl);
+	if (pImpl->context()->isForServerUse())
+		pImpl->acceptSSL();
+	else
+		pImpl->connectSSL();
+	return result;
+}
+
+
+SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket, Context::Ptr pContext, Session::Ptr pSession)
+{
+	SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext);
+	SecureStreamSocket result(pImpl);
+	result.useSession(pSession);
+	if (pImpl->context()->isForServerUse())
+		pImpl->acceptSSL();
+	else
+		pImpl->connectSSL();
+	return result;
+}
+
+
+SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket, const std::string& peerHostName)
+{
+	SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), SSLManager::instance().defaultClientContext());
+	SecureStreamSocket result(pImpl);
+	result.setPeerHostName(peerHostName);
+	if (pImpl->context()->isForServerUse())
+		pImpl->acceptSSL();
+	else
+		pImpl->connectSSL();
+	return result;
+}
+
+
+SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket, const std::string& peerHostName, Context::Ptr pContext)
+{
+	SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext);
+	SecureStreamSocket result(pImpl);
+	result.setPeerHostName(peerHostName);
+	if (pImpl->context()->isForServerUse())
+		pImpl->acceptSSL();
+	else
+		pImpl->connectSSL();
+	return result;
+}
+
+
+SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket, const std::string& peerHostName, Context::Ptr pContext, Session::Ptr pSession)
+{
+	SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext);
+	SecureStreamSocket result(pImpl);
+	result.setPeerHostName(peerHostName);
+	result.useSession(pSession);
+	if (pImpl->context()->isForServerUse())
+		pImpl->acceptSSL();
+	else
+		pImpl->connectSSL();
+	return result;
+}
+
+
+Context::Ptr SecureStreamSocket::context() const
+{
+	return static_cast<SecureStreamSocketImpl*>(impl())->context();
+}
+
+
+void SecureStreamSocket::setLazyHandshake(bool flag)
+{
+	static_cast<SecureStreamSocketImpl*>(impl())->setLazyHandshake(flag);
+}
+
+	
+bool SecureStreamSocket::getLazyHandshake() const
+{
+	return static_cast<SecureStreamSocketImpl*>(impl())->getLazyHandshake();
+}
+
+
+void SecureStreamSocket::verifyPeerCertificate()
+{
+	static_cast<SecureStreamSocketImpl*>(impl())->verifyPeerCertificate();
+}
+
+
+void SecureStreamSocket::verifyPeerCertificate(const std::string& hostName)
+{
+	static_cast<SecureStreamSocketImpl*>(impl())->verifyPeerCertificate(hostName);
+}
+
+
+int SecureStreamSocket::completeHandshake()
+{
+	return static_cast<SecureStreamSocketImpl*>(impl())->completeHandshake();
+}
+
+
+Session::Ptr SecureStreamSocket::currentSession()
+{
+	return static_cast<SecureStreamSocketImpl*>(impl())->currentSession();
+}
+
+	
+void SecureStreamSocket::useSession(Session::Ptr pSession)
+{
+	static_cast<SecureStreamSocketImpl*>(impl())->useSession(pSession);
+}
+
+	
+bool SecureStreamSocket::sessionWasReused()
+{
+	return static_cast<SecureStreamSocketImpl*>(impl())->sessionWasReused();
+}
+
+
+void SecureStreamSocket::abort()
+{
+	static_cast<SecureStreamSocketImpl*>(impl())->abort();
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/SecureStreamSocketImpl.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureStreamSocketImpl.cpp
new file mode 100644
index 0000000000..bef198ae69
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/SecureStreamSocketImpl.cpp
@@ -0,0 +1,241 @@
+//
+// SecureStreamSocketImpl.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLSockets
+// Module:  SecureStreamSocketImpl
+//
+// Copyright (c) 2006-2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/SecureStreamSocketImpl.h"
+#include "Poco/Net/SSLException.h"
+#include "Poco/Thread.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+SecureStreamSocketImpl::SecureStreamSocketImpl(Context::Ptr pContext):
+    underlying_socket(new StreamSocketImpl),
+	_impl(underlying_socket, pContext),
+	_lazyHandshake(false)
+{
+}
+
+
+SecureStreamSocketImpl::SecureStreamSocketImpl(StreamSocketImpl* pStreamSocket, Context::Ptr pContext):
+    underlying_socket(pStreamSocket),
+	_impl(underlying_socket, pContext),
+	_lazyHandshake(false)
+{
+	pStreamSocket->duplicate();
+	reset(_impl.sockfd());
+}
+
+
+SecureStreamSocketImpl::~SecureStreamSocketImpl()
+{
+	try
+	{
+		reset();
+	}
+	catch (...)
+	{
+		poco_unexpected();
+	}
+}
+
+void SecureStreamSocketImpl::setSendTimeout(const Poco::Timespan& timeout)
+{
+    underlying_socket->setSendTimeout(timeout);
+    _sndTimeout = underlying_socket->getSendTimeout();
+}
+
+void SecureStreamSocketImpl::setReceiveTimeout(const Poco::Timespan& timeout)
+{
+    underlying_socket->setReceiveTimeout(timeout);
+    _recvTimeout = underlying_socket->getReceiveTimeout();
+}
+
+SocketImpl* SecureStreamSocketImpl::acceptConnection(SocketAddress& /*clientAddr*/)
+{
+	throw Poco::InvalidAccessException("Cannot acceptConnection() on a SecureStreamSocketImpl");
+}
+
+
+void SecureStreamSocketImpl::acceptSSL()
+{
+	_impl.acceptSSL();
+}
+
+
+void SecureStreamSocketImpl::connect(const SocketAddress& address)
+{
+	_impl.connect(address, !_lazyHandshake);
+	reset(_impl.sockfd());
+}
+
+
+void SecureStreamSocketImpl::connect(const SocketAddress& address, const Poco::Timespan& timeout)
+{
+	_impl.connect(address, timeout, !_lazyHandshake);
+	reset(_impl.sockfd());
+}
+	
+
+void SecureStreamSocketImpl::connectNB(const SocketAddress& address)
+{
+	_impl.connectNB(address);
+	reset(_impl.sockfd());
+}
+
+
+void SecureStreamSocketImpl::connectSSL()
+{
+	_impl.connectSSL(!_lazyHandshake);
+}
+	
+
+void SecureStreamSocketImpl::bind(const SocketAddress& address, bool reuseAddress, bool reusePort)
+{
+	throw Poco::InvalidAccessException("Cannot bind() a SecureStreamSocketImpl");
+}
+
+	
+void SecureStreamSocketImpl::listen(int /*backlog*/)
+{
+	throw Poco::InvalidAccessException("Cannot listen() on a SecureStreamSocketImpl");
+}
+	
+
+void SecureStreamSocketImpl::close()
+{
+	reset();
+	_impl.close();
+}
+
+
+void SecureStreamSocketImpl::abort()
+{
+	reset();
+	_impl.abort();
+}
+
+
+int SecureStreamSocketImpl::sendBytes(const void* buffer, int length, int flags)
+{
+	return _impl.sendBytes(buffer, length, flags);
+}
+
+
+int SecureStreamSocketImpl::receiveBytes(void* buffer, int length, int flags)
+{
+	return _impl.receiveBytes(buffer, length, flags);
+}
+
+
+int SecureStreamSocketImpl::sendTo(const void* /*buffer*/, int /*length*/, const SocketAddress& /*address*/, int /*flags*/)
+{
+	throw Poco::InvalidAccessException("Cannot sendTo() on a SecureStreamSocketImpl");
+}
+
+
+int SecureStreamSocketImpl::receiveFrom(void* /*buffer*/, int /*length*/, SocketAddress& /*address*/, int /*flags*/)
+{
+	throw Poco::InvalidAccessException("Cannot receiveFrom() on a SecureStreamSocketImpl");
+}
+
+
+void SecureStreamSocketImpl::sendUrgent(unsigned char /*data*/)
+{
+	throw Poco::InvalidAccessException("Cannot sendUrgent() on a SecureStreamSocketImpl");
+}
+
+
+int SecureStreamSocketImpl::available()
+{
+	return _impl.available();
+}
+
+
+void SecureStreamSocketImpl::shutdownReceive()
+{
+}
+
+	
+void SecureStreamSocketImpl::shutdownSend()
+{
+}
+
+	
+void SecureStreamSocketImpl::shutdown()
+{
+	_impl.shutdown();
+}
+
+
+bool SecureStreamSocketImpl::secure() const
+{
+	return true;
+}
+
+
+bool SecureStreamSocketImpl::havePeerCertificate() const
+{
+	X509* pCert = _impl.peerCertificate();
+	if (pCert)
+	{
+		X509_free(pCert);
+		return true;
+	}
+	else return false;
+}
+
+
+X509Certificate SecureStreamSocketImpl::peerCertificate() const
+{
+	X509* pCert = _impl.peerCertificate();
+	if (pCert)
+		return X509Certificate(pCert);
+	else
+		throw SSLException("No certificate available");
+}
+
+
+void SecureStreamSocketImpl::setLazyHandshake(bool flag)
+{
+	_lazyHandshake = flag;
+}
+
+	
+bool SecureStreamSocketImpl::getLazyHandshake() const
+{
+	return _lazyHandshake;
+}
+
+
+void SecureStreamSocketImpl::verifyPeerCertificate()
+{
+	_impl.verifyPeerCertificate();
+}
+
+
+void SecureStreamSocketImpl::verifyPeerCertificate(const std::string& hostName)
+{
+	_impl.verifyPeerCertificate(hostName);
+}
+
+
+int SecureStreamSocketImpl::completeHandshake()
+{
+	return _impl.completeHandshake();
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/Session.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/Session.cpp
new file mode 100644
index 0000000000..96a507d946
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/Session.cpp
@@ -0,0 +1,40 @@
+//
+// Session.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  Session
+//
+// Copyright (c) 2010, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#if defined(__APPLE__)
+// Some OpenSSL functions are deprecated in OS X 10.7
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations" 
+#endif
+
+
+#include "Poco/Net/Session.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+Session::Session(SSL_SESSION* pSession):
+	_pSession(pSession)
+{
+}
+
+
+Session::~Session()
+{
+	SSL_SESSION_free(_pSession);
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/Utility.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/Utility.cpp
new file mode 100644
index 0000000000..5428b76996
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/Utility.cpp
@@ -0,0 +1,71 @@
+//
+// Utility.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  Utility
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/Utility.h"
+#include "Poco/String.h"
+#include "Poco/Util/OptionException.h"
+#include <openssl/err.h>
+
+
+namespace Poco {
+namespace Net {
+
+
+Context::VerificationMode Utility::convertVerificationMode(const std::string& vMode)
+{
+	std::string mode = Poco::toLower(vMode);
+	Context::VerificationMode verMode = Context::VERIFY_STRICT;
+
+	if (mode == "none")
+		verMode = Context::VERIFY_NONE;
+	else if (mode == "relaxed")
+		verMode = Context::VERIFY_RELAXED;
+	else if (mode == "strict")
+		verMode = Context::VERIFY_STRICT;
+	else if (mode == "once")
+		verMode = Context::VERIFY_ONCE;
+	else
+		throw Poco::InvalidArgumentException("Invalid verification mode. Should be relaxed, strict or once but got", vMode);
+
+	return verMode;
+}
+
+
+std::string Utility::convertCertificateError(long errCode)
+{
+	std::string errMsg(X509_verify_cert_error_string(errCode));
+	return errMsg;
+}
+
+
+std::string Utility::getLastError()
+{
+	unsigned long errCode = ERR_get_error();
+	if (errCode != 0)
+	{
+		char buffer[256];
+		ERR_error_string_n(errCode, buffer, sizeof(buffer));
+		return std::string(buffer);
+	}
+	else return "No error";
+}
+
+
+void Utility::clearErrorStack()
+{
+	ERR_clear_error();
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/VerificationErrorArgs.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/VerificationErrorArgs.cpp
new file mode 100644
index 0000000000..f7f6451b1c
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/VerificationErrorArgs.cpp
@@ -0,0 +1,37 @@
+//
+// VerificationErrorArgs.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  VerificationErrorArgs
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/VerificationErrorArgs.h"
+
+
+namespace Poco {
+namespace Net {
+
+
+VerificationErrorArgs::VerificationErrorArgs(const X509Certificate& cert, int errDepth, int errNum, const std::string& errMsg):
+	_cert(cert),
+	_errorDepth(errDepth),
+	_errorNumber(errNum),
+	_errorMessage(errMsg),
+	_ignoreError(false)
+{
+}
+
+
+VerificationErrorArgs::~VerificationErrorArgs()
+{
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/src/X509Certificate.cpp b/contrib/libs/poco/NetSSL_OpenSSL/src/X509Certificate.cpp
new file mode 100644
index 0000000000..54651c3ac8
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/src/X509Certificate.cpp
@@ -0,0 +1,175 @@
+//
+// X509Certificate.cpp
+//
+// Library: NetSSL_OpenSSL
+// Package: SSLCore
+// Module:  X509Certificate
+//
+// Copyright (c) 2006-2009, Applied Informatics Software Engineering GmbH.
+// and Contributors.
+//
+// SPDX-License-Identifier:	BSL-1.0
+//
+
+
+#include "Poco/Net/X509Certificate.h"
+#include "Poco/Net/SSLException.h"
+#include "Poco/Net/SSLManager.h"
+#include "Poco/Net/DNS.h"
+#include "Poco/TemporaryFile.h"
+#include "Poco/FileStream.h"
+#include "Poco/StreamCopier.h"
+#include "Poco/String.h"
+#include "Poco/RegularExpression.h"
+#include "Poco/DateTimeParser.h"
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+
+
+namespace Poco {
+namespace Net {
+
+
+X509Certificate::X509Certificate(std::istream& istr):
+	Poco::Crypto::X509Certificate(istr)
+{	
+}
+
+
+X509Certificate::X509Certificate(const std::string& path):
+	Poco::Crypto::X509Certificate(path)
+{
+}
+
+
+X509Certificate::X509Certificate(X509* pCert):
+	Poco::Crypto::X509Certificate(pCert)
+{
+}
+
+
+X509Certificate::X509Certificate(X509* pCert, bool shared):
+	Poco::Crypto::X509Certificate(pCert, shared)
+{
+}
+
+
+X509Certificate::X509Certificate(const Poco::Crypto::X509Certificate& cert):
+	Poco::Crypto::X509Certificate(cert)
+{
+}
+
+
+X509Certificate& X509Certificate::operator = (const Poco::Crypto::X509Certificate& cert)
+{
+	X509Certificate tmp(cert);
+	swap(tmp);
+	return *this;
+}
+
+
+X509Certificate::~X509Certificate()
+{
+}
+
+
+bool X509Certificate::verify(const std::string& hostName) const
+{
+	return verify(*this, hostName);
+}
+
+
+bool X509Certificate::verify(const Poco::Crypto::X509Certificate& certificate, const std::string& hostName)
+{		
+#if OPENSSL_VERSION_NUMBER < 0x10002000L
+	std::string commonName;
+	std::set<std::string> dnsNames;
+	certificate.extractNames(commonName, dnsNames);
+	if (!commonName.empty()) dnsNames.insert(commonName);
+	bool ok = (dnsNames.find(hostName) != dnsNames.end());
+	if (!ok)
+	{
+		for (std::set<std::string>::const_iterator it = dnsNames.begin(); !ok && it != dnsNames.end(); ++it)
+		{
+			try
+			{
+				// two cases: name contains wildcards or not
+				if (containsWildcards(*it))
+				{
+					// a compare by IPAddress is not possible with wildcards
+					// only allow compare by name
+					ok = matchWildcard(*it, hostName);
+				}
+				else
+				{
+					// it depends on hostName whether we compare by IP or by alias
+					IPAddress ip;
+					if (IPAddress::tryParse(hostName, ip))
+					{
+						// compare by IP
+						const HostEntry& heData = DNS::resolve(*it);
+						const HostEntry::AddressList& addr = heData.addresses();
+						HostEntry::AddressList::const_iterator it = addr.begin();
+						HostEntry::AddressList::const_iterator itEnd = addr.end();
+						for (; it != itEnd && !ok; ++it)
+						{
+							ok = (*it == ip);
+						}
+					}
+					else
+					{
+						ok = Poco::icompare(*it, hostName) == 0;
+					}
+				}
+			}
+			catch (NoAddressFoundException&)
+			{
+			}
+			catch (HostNotFoundException&)
+			{
+			}
+		}
+	}
+	return ok;
+#else
+	if (X509_check_host(const_cast<X509*>(certificate.certificate()), hostName.c_str(), hostName.length(), 0, NULL) == 1)
+	{
+		return true;
+	}
+	else
+	{
+		IPAddress ip;
+		if (IPAddress::tryParse(hostName, ip))
+		{
+		    return (X509_check_ip_asc(const_cast<X509*>(certificate.certificate()), hostName.c_str(), 0) == 1);
+		}
+	}
+	return false;
+#endif
+}
+
+
+bool X509Certificate::containsWildcards(const std::string& commonName)
+{
+	return (commonName.find('*') != std::string::npos || commonName.find('?') != std::string::npos);
+}
+
+
+bool X509Certificate::matchWildcard(const std::string& wildcard, const std::string& hostName)
+{
+	// fix wildcards
+	std::string wildcardExpr("^");
+	wildcardExpr += Poco::replace(wildcard, ".", "\\.");
+	Poco::replaceInPlace(wildcardExpr, "*", ".*");
+	Poco::replaceInPlace(wildcardExpr, "..*", ".*");
+	Poco::replaceInPlace(wildcardExpr, "?", ".?");
+	Poco::replaceInPlace(wildcardExpr, "..?", ".?");
+	wildcardExpr += "$";
+
+	Poco::RegularExpression expr(wildcardExpr, Poco::RegularExpression::RE_CASELESS);
+	return expr.match(hostName);
+}
+
+
+} } // namespace Poco::Net
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/ya.make b/contrib/libs/poco/NetSSL_OpenSSL/ya.make
new file mode 100644
index 0000000000..ba6f99d872
--- /dev/null
+++ b/contrib/libs/poco/NetSSL_OpenSSL/ya.make
@@ -0,0 +1,70 @@
+# Generated by devtools/yamaker.
+
+LIBRARY()
+
+OWNER(
+    orivej
+    g:cpp-contrib
+)
+
+LICENSE(
+    BSD-3-Clause AND
+    BSL-1.0
+)
+
+LICENSE_TEXTS(.yandex_meta/licenses.list.txt)
+
+PEERDIR(
+    contrib/libs/openssl
+    contrib/libs/poco/Crypto
+    contrib/libs/poco/Foundation
+    contrib/libs/poco/JSON
+    contrib/libs/poco/Net
+    contrib/libs/poco/Util
+    contrib/libs/poco/XML
+)
+
+ADDINCL(
+    GLOBAL contrib/libs/poco/NetSSL_OpenSSL/include
+    contrib/libs/poco/Crypto/include
+    contrib/libs/poco/Foundation/include
+    contrib/libs/poco/Net/include
+    contrib/libs/poco/NetSSL_OpenSSL/src
+    contrib/libs/poco/Util/include
+)
+
+NO_COMPILER_WARNINGS()
+
+NO_UTIL()
+
+SRCS(
+    src/AcceptCertificateHandler.cpp
+    src/CertificateHandlerFactory.cpp
+    src/CertificateHandlerFactoryMgr.cpp
+    src/ConsoleCertificateHandler.cpp
+    src/Context.cpp
+    src/HTTPSClientSession.cpp
+    src/HTTPSSessionInstantiator.cpp
+    src/HTTPSStreamFactory.cpp
+    src/InvalidCertificateHandler.cpp
+    src/KeyConsoleHandler.cpp
+    src/KeyFileHandler.cpp
+    src/PrivateKeyFactory.cpp
+    src/PrivateKeyFactoryMgr.cpp
+    src/PrivateKeyPassphraseHandler.cpp
+    src/RejectCertificateHandler.cpp
+    src/SSLException.cpp
+    src/SSLManager.cpp
+    src/SecureSMTPClientSession.cpp
+    src/SecureServerSocket.cpp
+    src/SecureServerSocketImpl.cpp
+    src/SecureSocketImpl.cpp
+    src/SecureStreamSocket.cpp
+    src/SecureStreamSocketImpl.cpp
+    src/Session.cpp
+    src/Utility.cpp
+    src/VerificationErrorArgs.cpp
+    src/X509Certificate.cpp
+)
+
+END()