Create SslStream from SslCtx.

tdnet/td/net/SslStream.cpp

@@ -135,13 +135,13 @@ using SslHandle = std::unique_ptr<SSL, SslHandleDeleter>;
 
 class SslStreamImpl {
  public:
-  Status init(CSlice host, CSlice cert_file, SslCtx::VerifyPeer verify_peer, bool check_ip_address_as_host) {
+  Status init(CSlice host, SslCtx ssl_ctx, bool check_ip_address_as_host) {
-    SslCtx::init_openssl();
+    if (!ssl_ctx) {
+      return Status::Error("Invalid SSL context provided");
+    }
 
     clear_openssl_errors("Before SslFd::init");
 
-    TRY_RESULT(ssl_ctx, SslCtx::create(cert_file, verify_peer));
-
     auto ssl_handle = SslHandle(SSL_new(static_cast<SSL_CTX *>(ssl_ctx.get_openssl_ctx())));
     if (!ssl_handle) {
       return create_openssl_error(-13, "Failed to create an SSL handle");
@@ -356,10 +356,9 @@ SslStream::SslStream(SslStream &&) noexcept = default;
 SslStream &SslStream::operator=(SslStream &&) noexcept = default;
 SslStream::~SslStream() = default;
 
-Result<SslStream> SslStream::create(CSlice host, CSlice cert_file, SslCtx::VerifyPeer verify_peer,
+Result<SslStream> SslStream::create(CSlice host, SslCtx ssl_ctx, bool use_ip_address_as_host) {
-                                    bool use_ip_address_as_host) {
   auto impl = make_unique<detail::SslStreamImpl>();
-  TRY_STATUS(impl->init(host, cert_file, verify_peer, use_ip_address_as_host));
+  TRY_STATUS(impl->init(host, ssl_ctx, use_ip_address_as_host));
   return SslStream(std::move(impl));
 }
 SslStream::SslStream(unique_ptr<detail::SslStreamImpl> impl) : impl_(std::move(impl)) {
@@ -392,8 +391,7 @@ SslStream::SslStream(SslStream &&) noexcept = default;
 SslStream &SslStream::operator=(SslStream &&) noexcept = default;
 SslStream::~SslStream() = default;
 
-Result<SslStream> SslStream::create(CSlice host, CSlice cert_file, SslCtx::VerifyPeer verify_peer,
+Result<SslStream> SslStream::create(CSlice host, SslCtx ssl_ctx, bool check_ip_address_as_host) {
-                                    bool check_ip_address_as_host) {
   return Status::Error("Not supported in Emscripten");
 }
 

tdnet/td/net/SslStream.h

@@ -25,9 +25,7 @@ class SslStream {
   SslStream &operator=(SslStream &&) noexcept;
   ~SslStream();
 
-  static Result<SslStream> create(CSlice host, CSlice cert_file = CSlice(),
+  static Result<SslStream> create(CSlice host, SslCtx ssl_ctx, bool use_ip_address_as_host = false);
-                                  SslCtx::VerifyPeer verify_peer = SslCtx::VerifyPeer::On,
-                                  bool use_ip_address_as_host = false);
 
   ByteFlowInterface &read_byte_flow();
   ByteFlowInterface &write_byte_flow();

tdnet/td/net/Wget.cpp

@@ -84,7 +84,8 @@ Status Wget::try_init() {
                                                        std::numeric_limits<std::size_t>::max(), 0, 0,
                                                        ActorOwn<HttpOutboundConnection::Callback>(actor_id(this)));
   } else {
-    TRY_RESULT(ssl_stream, SslStream::create(url.host_, CSlice() /* certificate */, verify_peer_));
+    TRY_RESULT(ssl_ctx, SslCtx::create(CSlice() /* certificate */, verify_peer_));
+    TRY_RESULT(ssl_stream, SslStream::create(url.host_, std::move(ssl_ctx)));
     connection_ = create_actor<HttpOutboundConnection>(
         "Connect", BufferedFd<SocketFd>(std::move(fd)), std::move(ssl_stream), std::numeric_limits<std::size_t>::max(),
         0, 0, ActorOwn<HttpOutboundConnection::Callback>(actor_id(this)));