author | Devtools Arcadia <arcadia-devtools@yandex-team.ru> | 2022-02-07 18:08:42 +0300 |
---|---|---|
committer | Devtools Arcadia <arcadia-devtools@mous.vla.yp-c.yandex.net> | 2022-02-07 18:08:42 +0300 |
commit | 1110808a9d39d4b808aef724c861a2e1a38d2a69 (patch) | |
tree | e26c9fed0de5d9873cce7e00bc214573dc2195b7 /library/cpp/openssl/io/stream.h | |
intermediate changes
ref:cde9a383711a11544ce7e107a78147fb96cc4029
Diffstat (limited to 'library/cpp/openssl/io/stream.h')
-rw-r--r-- | library/cpp/openssl/io/stream.h | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/library/cpp/openssl/io/stream.h b/library/cpp/openssl/io/stream.h
new file mode 100644
index 0000000000..7bca8f80ef
--- /dev/null
+++ b/library/cpp/openssl/io/stream.h
@@ -0,0 +1,50 @@
+#pragma once
+
+#include <util/generic/maybe.h>
+#include <util/generic/ptr.h>
+#include <util/stream/input.h>
+#include <util/stream/output.h>
+
+class TOpenSslClientIO: public IInputStream, public IOutputStream {
+public:
+ struct TOptions {
+ struct TVerifyCert {
+ // Uses builtin certs.
+ // Also uses default CA path /etc/ssl/certs/ - can be provided with debian package: ca-certificates.deb.
+ // It can be expanded with ENV: SSL_CERT_DIR.
+ TString Hostname_;
+ };
+ struct TClientCert {
+ TString CertificateFile_;
+ TString PrivateKeyFile_;
+ TString PrivateKeyPassword_;
+ };
+
+ TMaybe<TVerifyCert> VerifyCert_;
+ TMaybe<TClientCert> ClientCert_;
+ // TODO - keys, cyphers, etc
+ };
+
+ TOpenSslClientIO(IInputStream* in, IOutputStream* out);
+ TOpenSslClientIO(IInputStream* in, IOutputStream* out, const TOptions& options);
+ ~TOpenSslClientIO() override;
+
+private:
+ void DoWrite(const void* buf, size_t len) override;
+ size_t DoRead(void* buf, size_t len) override;
+
+private:
+ struct TImpl;
+ THolder<TImpl> Impl_;
+};
+
+struct x509_store_st;
+
+namespace NPrivate {
+ struct TSslDestroy {
+ static void Destroy(x509_store_st* x509) noexcept;
+ };
+}
+
+using TOpenSslX509StorePtr = THolder<x509_store_st, NPrivate::TSslDestroy>;
+TOpenSslX509StorePtr GetBuiltinOpenSslX509Store(); |
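Review bot: `TMaybe<TVerifyCert> VerifyCert_` defaults to empty and the two-argument constructor takes no options, so as far as this header shows, a client built with defaults appears to perform no certificate or hostname verification; the implementation is outside this hunk, so confirm it there. If that is the behaviour, document it on the field, e.g. `// Unset: the peer certificate is NOT verified. Set this for every connection whose server must be authenticated.`, and state what an empty `Hostname_` means (chain check only, or an error). The comment in `TVerifyCert` says `SSL_CERT_DIR` extends the trust store, which makes the process environment part of the trust decision; that deserves a line for callers that run with an inherited environment. The constructors take raw `IInputStream*`/`IOutputStream*` without saying whether they are borrowed; if they are, add `// in/out are not owned and must outlive this object`.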