
CSslSocket - SSL/TLS enabled CSocket

By Martin Ziacek, 24 Nov 2001
 

Motivation

Having seen the SSL samples from the Platform SDK (WebServer and WebClient), I thought it would be useful to benefit from the SSL/TLS functionality built into Windows. However, these samples are not very user friendly: you can learn from them how SSL/TLS works in Windows, but adapting them to different applications is not easy.

Description of solution

I am sure everybody knows CSocket from MFC and has seen the CHATTER / CHATSRVR samples. That is where I started: my idea was to derive CSslSocket from CSocket and extend it with SSL functionality.

This means that CSslSocket works in the same way as CSocket, with several small differences in the declarations of the Create() and Listen() methods:

BOOL Create(
	UINT nSocketPort = 443,
	LPCTSTR lpszSocketAddress = NULL,
	const TCHAR *szCertName = NULL,
	BOOL bMachineStore = FALSE,
	DWORD dwProtocol = 0);
BOOL Listen(
	int nConnectionBacklog = 5,
	BOOL bAuthClient = FALSE);

Parameters nSocketPort and lpszSocketAddress are the same as in CSocket. SSL/TLS are stream-based protocols, so you cannot specify SOCK_DGRAM in this method as you can for CSocket. However, you can specify the name of the certificate (you must have a certificate for the server side), the certificate store and the preferred protocol (see SCHANNEL_CRED). A client certificate is not required, but you can force the SSL engine to require one by setting bAuthClient to TRUE in the call to the Listen() method.

You can find more information about SSL/TLS and Schannel at the locations specified at the beginning of the article.
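An added example, not part of the original article or its download: a hypothetical helper, HardenProtocolMask(), that filters a protocol mask before it is passed as the dwProtocol argument of Create(). It assumes dwProtocol is forwarded to the grbitEnabledProtocols member of SCHANNEL_CRED, where 0 means Schannel chooses the protocols; the constants mirror the SP_PROT_* values from schannel.h.

```cpp
#include <cstdint>

// Values mirror the SP_PROT_* constants in <schannel.h>; they are redefined
// here only so the example builds without the Windows SDK.
namespace prot {
constexpr uint32_t SSL2_SERVER   = 0x004, SSL2_CLIENT   = 0x008;
constexpr uint32_t SSL3_SERVER   = 0x010, SSL3_CLIENT   = 0x020;
constexpr uint32_t TLS1_0_SERVER = 0x040, TLS1_0_CLIENT = 0x080;
constexpr uint32_t TLS1_1_SERVER = 0x100, TLS1_1_CLIENT = 0x200;
constexpr uint32_t TLS1_2_SERVER = 0x400, TLS1_2_CLIENT = 0x800;

constexpr uint32_t ALL_SERVER = SSL2_SERVER | SSL3_SERVER | TLS1_0_SERVER |
                                TLS1_1_SERVER | TLS1_2_SERVER;
constexpr uint32_t ALL_CLIENT = SSL2_CLIENT | SSL3_CLIENT | TLS1_0_CLIENT |
                                TLS1_1_CLIENT | TLS1_2_CLIENT;
// Protocol versions deprecated by RFC 6176, RFC 7568 and RFC 8996.
constexpr uint32_t LEGACY = SSL2_SERVER | SSL2_CLIENT | SSL3_SERVER | SSL3_CLIENT |
                            TLS1_0_SERVER | TLS1_0_CLIENT |
                            TLS1_1_SERVER | TLS1_1_CLIENT;
}

// Hypothetical helper (not part of CSslSocket). Strips deprecated protocol
// versions from `requested` and stores the result in `hardened`.
// Returns false when the mask must not be used at all.
bool HardenProtocolMask(uint32_t requested, bool isServer, uint32_t& hardened)
{
    hardened = 0;
    if (requested == 0)
        return true;   // caller explicitly asks for the Schannel default

    const uint32_t roleBits = isServer ? prot::ALL_SERVER : prot::ALL_CLIENT;
    if (requested & ~roleBits)
        return false;  // unknown bits, or bits that belong to the other role

    const uint32_t kept = requested & ~prot::LEGACY;
    if (kept == 0)
        return false;  // only legacy versions requested; passing 0 would
                       // silently turn the request into "default"
    hardened = kept;
    return true;
}

// Usage with the Create() declaration from the article (Windows/MFC only):
//   uint32_t mask;
//   if (HardenProtocolMask(prot::TLS1_2_SERVER, true, mask))
//       sock.Create(443, NULL, szCertName, FALSE, mask);
```

The case worth noting is a mask that contains only legacy versions: stripping them leaves 0, which is the default value of dwProtocol, so the helper rejects the request instead of returning it.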

Usage

You can use CSslSocket exactly as you use CSocket: use it directly, or derive your own class from CSslSocket and override the required methods. See the modified samples provided with this article.

Demo program(s)

The zipped file contains modified versions of Microsoft's CHATTER / CHATSRVR samples that demonstrate how CSslSocket is used and how it works. The modifications are small: CSocket is replaced with CSslSocket, and there is code to pass the proper parameters to the CSslSocket class. You need one or two certificates to test my class. The simplest way is to install Certificate Services from Microsoft and request certificates for client and server identification through the web forms provided by Certificate Services (you need Windows NT/2000 Server), or you can use OpenSSL as well. Then just specify the server certificate name for CHATSRVR in the first dialog window and the user certificate name for CHATTER.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.


About the Author

Martin Ziacek
Software Developer (Senior)
United Kingdom

Last Updated 25 Nov 2001
Article Copyright 2001 by Martin Ziacek