Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 7805ca2f7fb295ca5f8a314c5b7a85f944b9b74f / . / include / ssl_key_handler.hpp
blob: 7670bcb22383a9d4b9e60b52b2e99148b10cc096 [file] [log] [blame]
#pragma once
#include <boost/asio/ssl/context.hpp>
#include <optional>
#include <string>
namespace ensuressl
{
enum class VerifyCertificate
{
Verify,
NoVerify
};
constexpr const char* trustStorePath = "/etc/ssl/certs/authority";
constexpr const char* x509Comment = "Generated from OpenBMC service";
bool isTrustChainError(int errnum);
bool validateCertificate(X509* cert);
std::string verifyOpensslKeyCert(const std::string& filepath);
X509* loadCert(const std::string& filePath);
int addExt(X509* cert, int nid, const char* value);
std::string generateSslCertificate(const std::string& cn);
void writeCertificateToFile(const std::string& filepath,
const std::string& certificate);
std::string ensureOpensslKeyPresentAndValid(const std::string& filepath);
std::shared_ptr<boost::asio::ssl::context> getSslServerContext();
std::optional<boost::asio::ssl::context>
getSSLClientContext(VerifyCertificate verifyCertificate);
} // namespace ensuressl