// SPDX-License-Identifier: Apache-2.0
// SPDX-FileCopyrightText: Copyright OpenBMC Authors

#pragma once

#include <openssl/crypto.h>

#include <boost/asio/ssl/context.hpp>

#include <memory>
#include <optional>
#include <string>

// Declarations of the TLS certificate, key and SSL-context helpers in
// namespace ensuressl. Only declarations live here; every behavioural note
// below that is not readable from a signature is marked as an assumption to
// confirm against the definitions.
namespace ensuressl
{

// Mode argument of getSSLClientContext().
enum class VerifyCertificate
{
    // By name, the client context checks the peer's certificate.
    Verify,
    // NOTE(review): by name, the client context skips peer certificate
    // verification. A connection made that way does not authenticate the
    // peer, so every call site passing NoVerify deserves a justification.
    NoVerify
};

// Filesystem location of the trust store. Presumably the CA certificates
// used for peer verification are read from here -- confirm.
// NOTE(review): if so, write access to this path decides which authorities
// are trusted; it should be writable by privileged code only.
constexpr const char* trustStorePath = "/etc/ssl/certs/authority";
// Fixed comment text. Presumably embedded in certificates produced by
// generateSslCertificate() -- confirm against the definition.
constexpr const char* x509Comment = "Generated from OpenBMC service";

// Classifies an error number. Presumably errnum is an OpenSSL X509
// verification result and true means the failure lies in the issuer chain
// rather than in the certificate itself -- TODO confirm.
bool isTrustChainError(int errnum);

// Reports whether cert passes validation.
// NOTE(review): the criteria (trust store used, which verification errors
// are tolerated) are in the definition, not visible here. Confirm them
// before treating a true result as "trusted".
bool validateCertificate(X509* cert);

// Takes the path of a key/certificate file and returns a string. Presumably
// the file's PEM content when it verifies and an empty string otherwise --
// TODO confirm the failure value.
std::string verifyOpensslKeyCert(const std::string& filepath);

// Loads a certificate from filePath and returns it as a raw X509 pointer.
// NOTE(review): the return type does not express ownership. If the caller
// owns the object it must release it with X509_free(); whether nullptr is
// returned on failure is also not visible here -- confirm both.
X509* loadCert(const std::string& filePath);

// Presumably adds the extension identified by nid, with the textual value,
// to cert. NOTE(review): the meaning of the int result is not visible here;
// confirm whether it follows the OpenSSL "1 on success" convention before
// testing it.
int addExt(X509* cert, int nid, const char* value);

// Presumably creates a new certificate whose common name is cn and returns
// it as text. NOTE(review): if the returned string also carries the private
// key, it is secret material and should not be logged -- confirm what the
// string contains.
std::string generateSslCertificate(const std::string& cn);

// Writes certificate to the file at filepath.
// NOTE(review): if the data includes a private key, the definition should
// create the file with owner-only permissions -- confirm.
void writeCertificateToFile(const std::string& filepath,
                            const std::string& certificate);

// By name, makes sure filepath holds a usable key/certificate. Presumably
// generates a replacement when it does not and returns the resulting PEM --
// TODO confirm, including whether an existing file can be overwritten.
std::string ensureOpensslKeyPresentAndValid(const std::string& filepath);

// Returns the server-side SSL context behind a shared_ptr.
// NOTE(review): protocol versions and cipher choices are made in the
// definition; whether a null pointer can be returned on failure is not
// visible here, so callers should check.
std::shared_ptr<boost::asio::ssl::context> getSslServerContext();

// Returns a client-side SSL context configured according to
// verifyCertificate, or an empty optional. Presumably std::nullopt signals
// that the context could not be built -- callers must check before use.
std::optional<boost::asio::ssl::context> getSSLClientContext(
    VerifyCertificate verifyCertificate);

} // namespace ensuressl