
CSslSocket - SSL/TLS enabled CSocket

Martin Ziacek, 24 Nov 2001
CSocket derived class with SSL/TLS extension

Motivation

Having seen the SSL samples from the Platform SDK (WebServer and WebClient), I found that it would be useful to benefit from the SSL/TLS functionality built into Windows. However, these samples are not very user friendly: you can learn from them how SSL/TLS works in Windows, but adapting them to different applications is not easy.

Description of solution

I am sure everybody knows CSocket from MFC and has seen the CHATTER / CHATSRVR samples. That is where I started: my idea was to derive CSslSocket from CSocket and extend it with SSL functionality.

This means that CSslSocket works in the same way as CSocket, with several small differences in the declarations of the Create() and Listen() methods:

BOOL Create(
	UINT nSocketPort = 443,
	LPCTSTR lpszSocketAddress = NULL,
	const TCHAR *szCertName = NULL,
	BOOL bMachineStore = FALSE,
	DWORD dwProtocol = 0);
BOOL Listen(
	int nConnectionBacklog = 5,
	BOOL bAuthClient = FALSE);

The nSocketPort and lpszSocketAddress parameters are the same as those of CSocket. SSL and TLS are stream-based protocols, so you cannot specify SOCK_DGRAM in this method as you can with CSocket. However, you can specify the name of the certificate (a certificate is required on the server side), the certificate store, and the preferred protocol (see SCHANNEL_CRED). A client certificate is not required, but you can force the SSL engine to require one by setting bAuthClient to TRUE in the call to Listen().

You can find more information about SSL/TLS and Schannel at the locations specified at the beginning of the article.
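
An added example, not part of the CSslSocket download: a pre-flight check for the dwProtocol argument of Create(), assuming the class forwards it to SCHANNEL_CRED::grbitEnabledProtocols (the article only points to SCHANNEL_CRED). The PROT_* names and AuditProtocolMask() are hypothetical; the values mirror the SP_PROT_* flags in schannel.h.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Values of the SP_PROT_* flags from <schannel.h>, repeated under a PROT_
// prefix so the snippet builds without the Windows SDK.
enum : uint32_t {
    PROT_SSL2_SERVER  = 0x004, PROT_SSL2_CLIENT  = 0x008,
    PROT_SSL3_SERVER  = 0x010, PROT_SSL3_CLIENT  = 0x020,
    PROT_TLS10_SERVER = 0x040, PROT_TLS10_CLIENT = 0x080,
    PROT_TLS11_SERVER = 0x100, PROT_TLS11_CLIENT = 0x200,
    PROT_TLS12_SERVER = 0x400, PROT_TLS12_CLIENT = 0x800,
};

// Protocol versions that should not be enabled on a new deployment.
struct Legacy { uint32_t bits; const char* name; };
static const Legacy kLegacy[] = {
    { PROT_SSL2_SERVER  | PROT_SSL2_CLIENT,  "SSL 2.0" },
    { PROT_SSL3_SERVER  | PROT_SSL3_CLIENT,  "SSL 3.0" },
    { PROT_TLS10_SERVER | PROT_TLS10_CLIENT, "TLS 1.0" },
    { PROT_TLS11_SERVER | PROT_TLS11_CLIENT, "TLS 1.1" },
};

// Returns the reasons to reject a dwProtocol value before it is passed to
// Create(); an empty vector means the mask is acceptable.
// Assumption: dwProtocol ends up in SCHANNEL_CRED::grbitEnabledProtocols.
std::vector<std::string> AuditProtocolMask(uint32_t dwProtocol, bool isServer) {
    std::vector<std::string> findings;
    if (dwProtocol == 0) {  // the default value in the Create() declaration
        findings.push_back("0 leaves protocol choice to Schannel defaults");
        return findings;
    }
    for (const Legacy& p : kLegacy)
        if (dwProtocol & p.bits)
            findings.push_back(std::string(p.name) + " enabled");
    const uint32_t serverBits = PROT_SSL2_SERVER | PROT_SSL3_SERVER |
        PROT_TLS10_SERVER | PROT_TLS11_SERVER | PROT_TLS12_SERVER;
    // Each client flag is the matching server flag shifted left by one bit.
    const uint32_t roleBits = isServer ? serverBits : (serverBits << 1);
    if ((dwProtocol & roleBits) == 0)
        findings.push_back(isServer ? "no server-side protocol bit set"
                                    : "no client-side protocol bit set");
    return findings;
}
```

A server that passes the audit would call Create() with PROT_TLS12_SERVER (SP_PROT_TLS1_2_SERVER in the SDK) as the last argument instead of relying on the default of 0.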

Usage

You can use CSslSocket exactly as you use CSocket: use it directly, or derive your own class from CSslSocket and override the required methods. See the modified samples provided with this article.

Demo program(s)

The zipped file contains modified versions of the Microsoft CHATTER / CHATSRVR samples that demonstrate how CSslSocket is used. The modifications are small: CSocket is replaced with CSslSocket, and code is added to pass the proper parameters to the CSslSocket class. You need one or two certificates to test the class. The simplest way is to install Certificate Services from Microsoft and request certificates for client and server identification through the web forms it provides (you need Windows NT/2000 Server), or you can use OpenSSL instead. Then just specify the server certificate name for CHATSRVR in the first dialog window and the user certificate name for CHATTER.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.


About the Author

Martin Ziacek
Software Developer (Senior)
United Kingdom


Comments and Discussions

 
Question: License
talbot4-Jul-11 0:21
Question: How to enable TLS?
StefanKittel13-Dec-09 11:29
Answer: Re: How to enable TLS?
Art Joyce3-Feb-12 4:04
Question: Does Schannel support DTLS protocol?
D L Deepthi7-Dec-08 19:37
Question: DecryptMessage fails with SEC_E_DECRYPT_FAILURE (0x80090330L) error
deepthi_dl23-Sep-08 4:16
General: Large message will hang the server
pip.chan6-May-08 21:20
General: Re: Large message will hang the server
pip.chan6-May-08 22:43
General: Re: Large message will hang the server
pip.chan7-May-08 0:09
Question: Server requests client cert problem?
Michael Chourdakis24-Nov-07 5:56
Question: Server-auth-only with exportable public cert. & .PVK file
BritannicAndy2-Aug-07 1:45
Hi,

Firstly, thanks to Martin for publishing the class. It's saved me a lot of time.

Although I've looked through all the articles, I think I need some help with this. I know very little about SChannel or about certificates (and that's the problem).

What I'm trying to do is write a server application that uses an exportable certificate, with the private key removed, and accesses the private key internally by somehow coding it into my application.

My application will not always be running on machines with Internet access, so I don't want to use a CA. I don't need certificates on the client side - only on the server-side.

So, I've managed to use MS Certificate Services to create an exportable certificate and a .PVK file - which I hope contains the private key. I assume there must be a means of extracting the data from the PVK file. The PVK is not for distribution, so I need to somehow hide the key details inside my application, and modify CSslSocket to use this information, rather than get it from the server certificate.

My main objective is to encrypt client/server communications, so they can't easily be sniffed.

I'd be very grateful if someone could tell me how they think this could be done, or if they have a better solution.

Many thanks, in advance.



Andy
Question: error 0x80090304
dpfairchild4-May-07 11:19
Answer: Re: error 0x80090304
isapiyan16-May-07 15:53
General: error in CSslSocket::ClientHandshakeLoop.
Mazhar Nazeer22-Nov-06 2:04
General: Schannel offline decryption
abhalve28-Sep-06 21:11
Question: always return find not found
tin nguyen trung24-Sep-06 6:27
Question: How to implement on windows 2003
tin nguyen trung23-Sep-06 5:02
General: Stack Corruption
I.C.Wiener19-Mar-06 11:32
General: Re: Stack Corruption
ncranger6-Apr-06 22:50
Question: Martin - You Still Around?
mjxnjx21-Mar-05 12:35
General: LDAP TLS connection
meghan20-Jan-05 0:50
General: Root CA certificate
stanr14-Sep-04 3:49
General: Bug in extra data handling
Irek Zielinski24-Jul-04 22:38
General: Re: Bug in extra data handling
Darkstructures4-Apr-05 22:01
General: Re: Bug in extra data handling
I.C.Wiener19-Mar-06 18:14
General: Crashes when sending multiple packets
GNZ4-May-04 8:08
Question: Does it work on Win98?
Anonymous28-Apr-04 23:22
Answer: Re: Does it work on Win98?
Petr Prazak24-Nov-05 3:03
General: Tried Suggestions - Won't Build ChatSrv
mjxnjx214-Apr-04 13:13
General: Re: Tried Suggestions - Won't Build ChatSrv
GNZ20-Apr-04 9:28
General: Re: Tried Suggestions - Won't Build ChatSrv
GNZ21-Apr-04 9:14
General: Re: Tried Suggestions - Won't Build ChatSrv
washinglee18-Apr-06 0:32
Answer: Re: Tried Suggestions - Won't Build ChatSrv
Sudantha Athauda15-Feb-07 17:29
Question: How to build this project thanks
wyoo24-Feb-04 1:23
Answer: Re: How to build this project thanks
nguyenguyen8-Mar-07 23:22
General: more remark
plfff7-May-03 17:34
General: Client Side failures
Raymond Donaldson22-Nov-02 7:49
General: Re: Client Side failures
Raymond Donaldson22-Nov-02 11:54
General: Attach and Detach
Anonymous20-Nov-02 6:25
General: Can't acquire credentials
Alan Gardiner13-Nov-02 6:02
General: Issue when the client and the server do not run on the same computer
Christian Meunier2-Nov-02 6:15
General: Questions to Martin :)
WillyNT29-Oct-02 23:00
General: Re: Questions to Martin :)
Martin Ziacek30-Oct-02 3:47
General: Re: Questions to Martin :)
francescopetruzzi25-Nov-02 2:21
General: compatibility
Balint Jureczky21-Oct-02 23:02
General: Re: compatibility
Martin Ziacek30-Oct-02 23:03
General: certificates
Finelame12-Oct-02 11:55
General: Re: certificates
Balint Jureczky21-Oct-02 22:57
General: The Chatsrv doesn't run
GUESDON Vincent11-Oct-02 5:36
General: Re: The Chatsrv doesn't run
GUESDON Vincent11-Oct-02 6:31
General: Re: The Chatsrv doesn't run
Martin Ziacek11-Oct-02 10:13

Last Updated 25 Nov 2001
Article Copyright 2001 by Martin Ziacek