blob: 9cff01710479448ba9caca03f3a9c64d90f9dc62 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
#pragma once
#include <util/generic/maybe.h>
#include <util/generic/ptr.h>
#include <util/stream/input.h>
#include <util/stream/output.h>
class TOpenSslClientIO: public IInputStream, public IOutputStream {
public:
struct TOptions {
struct TVerifyCert {
// Uses builtin certs.
// Also uses default CA path /etc/ssl/certs/ - can be provided with debian package: ca-certificates.deb.
// It can be expanded with ENV: SSL_CERT_DIR.
TString Hostname_;
};
struct TClientCert {
TString CertificateFile_;
TString PrivateKeyFile_;
TString PrivateKeyPassword_;
};
TMaybe<TVerifyCert> VerifyCert_;
TMaybe<TClientCert> ClientCert_;
// TODO - keys, cyphers, etc
};
TOpenSslClientIO(IInputStream* in, IOutputStream* out);
TOpenSslClientIO(IInputStream* in, IOutputStream* out, const TOptions& options);
~TOpenSslClientIO() override;
private:
void DoWrite(const void* buf, size_t len) override;
size_t DoRead(void* buf, size_t len) override;
private:
struct TImpl;
THolder<TImpl> Impl_;
};
struct x509_store_st;
namespace NPrivate {
struct TSslDestroy {
static void Destroy(x509_store_st* x509) noexcept;
};
}
using TOpenSslX509StorePtr = THolder<x509_store_st, NPrivate::TSslDestroy>;
TOpenSslX509StorePtr GetBuiltinOpenSslX509Store();
|