#pragma once #include <util/generic/maybe.h> #include <util/generic/ptr.h> #include <util/stream/input.h> #include <util/stream/output.h> class TOpenSslClientIO: public IInputStream, public IOutputStream { public: struct TOptions { struct TVerifyCert { // Uses builtin certs. // Also uses default CA path /etc/ssl/certs/ - can be provided with debian package: ca-certificates.deb. // It can be expanded with ENV: SSL_CERT_DIR. TString Hostname_; }; struct TClientCert { TString CertificateFile_; TString PrivateKeyFile_; TString PrivateKeyPassword_; }; TMaybe<TVerifyCert> VerifyCert_; TMaybe<TClientCert> ClientCert_; // TODO - keys, cyphers, etc }; TOpenSslClientIO(IInputStream* in, IOutputStream* out); TOpenSslClientIO(IInputStream* in, IOutputStream* out, const TOptions& options); ~TOpenSslClientIO() override; private: void DoWrite(const void* buf, size_t len) override; size_t DoRead(void* buf, size_t len) override; private: struct TImpl; THolder<TImpl> Impl_; }; struct x509_store_st; namespace NPrivate { struct TSslDestroy { static void Destroy(x509_store_st* x509) noexcept; }; } using TOpenSslX509StorePtr = THolder<x509_store_st, NPrivate::TSslDestroy>; TOpenSslX509StorePtr GetBuiltinOpenSslX509Store();