Merge 06459d6 into fcc71af

Author: vitalyisaev2

ydb/library/yql/providers/common/proto/gateways_config.proto

@@ -595,6 +595,11 @@ message TGenericConnectorConfig {
     // If true, GRPC Client will use TLS encryption.
     // Server cert will be verified with system CA cert pool.
     optional bool UseSsl = 4;
+    // Path to the custom CA certificate that was used 
+    // during Connector key pair issuing. 
+    // If empty, the default system root certificates will be used 
+    // to verify Connector's cert.
+    optional string SslCaCrt = 5;
 
     reserved 1, 2;
 }

ydb/library/yql/providers/generic/connector/libcpp/client.cpp

@@ -1,3 +1,5 @@
+#include <util/stream/file.h>
+
 #include "client.h"
 
 namespace NYql::NConnector {
@@ -21,10 +23,18 @@ namespace NYql::NConnector {
     public:
         TClientGRPC() = delete;
         TClientGRPC(const TGenericConnectorConfig& config) {
-            TString endpoint = TStringBuilder() << config.GetEndpoint().host() << ":" << ToString(config.GetEndpoint().port());
-            GrpcConfig_ = NYdbGrpc::TGRpcClientConfig(endpoint);
+            GrpcConfig_ = NYdbGrpc::TGRpcClientConfig();
+            GrpcConfig_.Locator = TStringBuilder() << config.GetEndpoint().host() << ":" << ToString(config.GetEndpoint().port());;
             GrpcConfig_.EnableSsl = config.GetUseSsl();
 
+            // Read content of CA cert
+            TString rootCertData;
+            if (config.GetSslCaCrt()) {
+                rootCertData = TFileInput(config.GetSslCaCrt()).ReadAll();
+            }
+
+            GrpcConfig_.SslCredentials = grpc::SslCredentialsOptions{.pem_root_certs = rootCertData, .pem_private_key = "", .pem_cert_chain = ""};
+
             GrpcClient_ = std::make_unique<NYdbGrpc::TGRpcClientLow>();
 
             // FIXME: is it OK to use single connection during the client lifetime?