#pragma once
#include <openssl/ssl.h>

enum ssl_X509_obj_type
{
	SSL_X509_OBJ_CERT,
	SSL_X509_OBJ_CRL
};
struct cert_store_param
{
	unsigned int check_crl;
};
struct ssl_trusted_cert_storage;
struct ssl_trusted_cert_storage* ssl_trusted_cert_storage_create(const char* pem_bundle, const char* pem_dir, struct cert_store_param* param);
void ssl_trusted_cert_storage_destroy(struct ssl_trusted_cert_storage* storage);
struct cert_verify_param
{
	char no_verify_self_signed;
	char no_verify_cn;
	char no_verify_issuer;
	char no_verify_expiry_date;
};
struct cert_verify_result
{
	char is_hostmatched;
	char is_ev;
	char is_ct;
	int error_code;
};
int ssl_trusted_cert_storage_verify_conn(struct ssl_trusted_cert_storage* storage, SSL * ssl, const char* hostname, struct cert_verify_param* param, char* reason, size_t n_reason, struct cert_verify_result* result);
int ssl_trusted_cert_storage_add(struct ssl_trusted_cert_storage* storage, enum ssl_X509_obj_type type, const char* filename);
int ssl_trusted_cert_storage_del(struct ssl_trusted_cert_storage* storage, enum ssl_X509_obj_type type, const char* filename);
void ssl_trusted_cert_storage_reset(struct ssl_trusted_cert_storage* storage);