stream.h 1.4 KB

  1. #pragma once
  2. #include <util/generic/maybe.h>
  3. #include <util/generic/ptr.h>
  4. #include <util/stream/input.h>
  5. #include <util/stream/output.h>
  /// OpenSSL-backed client stream that is both an IInputStream and an
  /// IOutputStream, constructed over a caller-supplied input/output pair.
  /// All state is kept behind the opaque TImpl, which is only declared here.
  class TOpenSslClientIO: public IInputStream, public IOutputStream {
  public:
      /// Optional settings for the client side of the connection.
      struct TOptions {
          /// Settings for verifying the server certificate.
          ///
          /// Trust anchors: the builtin certificates, plus the default CA
          /// path /etc/ssl/certs/ (on Debian this directory is provided by
          /// the ca-certificates package). The SSL_CERT_DIR environment
          /// variable can extend that set.
          struct TVerifyCert {
              // Presumably the host name the server certificate is checked
              // against; the check itself is not visible in this header.
              TString Hostname_;
          };

          /// Client certificate and key, given as file paths.
          struct TClientCert {
              TString CertificateFile_;
              TString PrivateKeyFile_;
              // NOTE(review): the password is held in an ordinary TString;
              // nothing in this header shows it being cleared after use.
              TString PrivateKeyPassword_;
          };

          // Empty unless the caller sets it.
          // NOTE(review): presumably an empty value means the server
          // certificate is not verified at all; if so, callers that need to
          // authenticate the peer must fill this in. Confirm in the
          // implementation.
          TMaybe<TVerifyCert> VerifyCert_;

          // Empty unless the caller sets it; presumably no client certificate
          // is presented in that case. Confirm in the implementation.
          TMaybe<TClientCert> ClientCert_;

          // TODO: keys, ciphers, etc.
      };

      /// Builds the stream over `in` and `out` without any TOptions.
      ///
      /// NOTE(review): presumably behaves like default-constructed TOptions,
      /// i.e. with VerifyCert_ empty. Confirm before using this overload on
      /// an untrusted network.
      ///
      /// Both pointers are raw; as far as the signature shows they are not
      /// owned, so presumably they must outlive this object. Confirm.
      TOpenSslClientIO(IInputStream* in, IOutputStream* out);

      /// Builds the stream over `in` and `out` using the given options.
      TOpenSslClientIO(IInputStream* in, IOutputStream* out, const TOptions& options);

      /// Declared here and defined out of line, where TImpl is a complete
      /// type.
      ~TOpenSslClientIO() override;

  private:
      // Stream hooks overridden from the IOutputStream / IInputStream bases.
      void DoWrite(const void* buf, size_t len) override;
      size_t DoRead(void* buf, size_t len) override;

      // Opaque implementation; keeps OpenSSL types out of this header.
      struct TImpl;
      THolder<TImpl> Impl_;
  };
  // Forward declaration of the OpenSSL certificate store struct, so that this
  // header does not need to include any OpenSSL headers.
  struct x509_store_st;

  namespace NPrivate {
      // Deleter policy used by TOpenSslX509StorePtr. Destroy() is only
      // declared here; presumably it releases the store through OpenSSL.
      struct TSslDestroy {
          static void Destroy(x509_store_st* x509) noexcept;
      };
  } // namespace NPrivate

  // Owning handle to an x509_store_st; disposal goes through
  // NPrivate::TSslDestroy.
  using TOpenSslX509StorePtr = THolder<x509_store_st, NPrivate::TSslDestroy>;

  // Returns an owning handle to a certificate store, presumably the one
  // holding the builtin certificates mentioned on TVerifyCert.
  // NOTE(review): whether each call builds a fresh store, and whether system
  // CA paths are included, is not visible from this header.
  TOpenSslX509StorePtr GetBuiltinOpenSslX509Store();