aboutsummaryrefslogtreecommitdiffstats
path: root/library/cpp/openssl/io/stream.h
blob: 9cff01710479448ba9caca03f3a9c64d90f9dc62 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
#pragma once

#include <util/generic/maybe.h>
#include <util/generic/ptr.h>
#include <util/stream/input.h>
#include <util/stream/output.h>

class TOpenSslClientIO: public IInputStream, public IOutputStream {
public:
    struct TOptions {
        struct TVerifyCert {
            // Uses builtin certs.
            // Also uses default CA path /etc/ssl/certs/ - can be provided with debian package: ca-certificates.deb.
            // It can be expanded with ENV: SSL_CERT_DIR.
            TString Hostname_;
        };
        struct TClientCert { 
            TString CertificateFile_; 
            TString PrivateKeyFile_; 
            TString PrivateKeyPassword_; 
        }; 

        TMaybe<TVerifyCert> VerifyCert_;
        TMaybe<TClientCert> ClientCert_; 
        // TODO - keys, cyphers, etc
    };

    TOpenSslClientIO(IInputStream* in, IOutputStream* out);
    TOpenSslClientIO(IInputStream* in, IOutputStream* out, const TOptions& options);
    ~TOpenSslClientIO() override;

private:
    void DoWrite(const void* buf, size_t len) override;
    size_t DoRead(void* buf, size_t len) override;

private:
    struct TImpl;
    THolder<TImpl> Impl_;
};

struct x509_store_st;

namespace NPrivate {
    struct TSslDestroy {
        static void Destroy(x509_store_st* x509) noexcept;
    };
}

using TOpenSslX509StorePtr = THolder<x509_store_st, NPrivate::TSslDestroy>;
TOpenSslX509StorePtr GetBuiltinOpenSslX509Store();