CodeProject: CSslSocket - SSL/TLS enabled CSocket. Free source code and programming help

Announcements

	Windows 7 Comp Win a laptop!
	Monthly Competition

Articles

Desktop Development

Web Development

Enterprise Systems

Content Management Server

Microsoft BizTalk Server

SQL Reporting Services

Platforms, Frameworks & Libraries

Windows Communication Foundation

Windows Presentation Foundation

Windows Workflow Foundation

Cryptography & Security

Threads, Processes & IPC

WinHelp / HTMLHelp

Uncategorised Quick Answers

Graphics / Design

Expression

Usability

Development Lifecycle

Debug Tips

Design and Architecture

Uncategorised Technical Blogs

Services

Code-signing Certificates

Job Board

CodeProject VS2008 Addin

Feature Zones

Product Showcase

Code Signing Resources

WhitePapers / Webcasts

ASP.NET Web Hosting

Advanced Search
Add to IE Search

Discuss

Report

19 votes for this article.

Popularity: 5.67 Rating: 4.43 out of 5

Motivation

Having seen SSL samples from Platform SDK (WebServer and WebClient) I found, it would be useful to benefit from SSL/TLS functionality built in Windows. However, these samples are not very user friendly - you can learn from them how SSL/TLS works in Windows, but adapt it to different applications is not easy.

Description of solution

I am sure everybody knows CSocket from MFC and has seen samples CHATTER / CHATSRVR - that's place where I started - my idea was to derive CSslSocket from CSocket and extend it with SSL functionality.

It means that CSslSocket works in the same way as CSocket and there are several small differences in the declarations of Create() and Listen() methods:

BOOL Create(
	UINT nSocketPort = 443,
	LPCTSTR lpszSocketAddress = NULL,
	const TCHAR *szCertName = NULL,
	BOOL bMachineStore = FALSE,
	DWORD dwProtocol = 0);
BOOL Listen(
	int nConnectionBacklog = 5,
	BOOL bAuthClient = FALSE);

Parameters nSocketPort, lpszSocketAddress are the same parameters as CSocket has. SSL/TLS are a stream based protocols, therefore you cannot specify SOCK_DGRAM in this method as it is possible for CSocket. However, you can specify name of certificate (you must have certificate for server side), certificate store and preferred protocol (see SCHANNEL_CRED). Client certificate is not required, but you can force SSL engine to require it. In this case set bAuthClient to TRUE in call to Listen() method.

You can find more information about SSL/TLS and Schannel at locations specified at the begging of the article.

Usage

You can use CSslSocket exactly as you are using CSocket, use it directly, or derive your new class from CSslSocket and overwrite required method. See modified samples provided with this article.

Demo program(s)

There are modified samples from Microsoft CHATTER / CHATSRVR for demonstration of CSslSocket usage and work in the zipped file. Modifications are small - just CSocket is replaced with CSslSocekt and there is code to pass proper parameters to the CSslSocket class. You need one or two certificates to test my class. Simplest way is to install Certificate services from Microsoft and request certificates for client and server identification by web forms provided by Certificate services (you need Windows NT/2000 server), or you can use OpenSSL as well. Then just specify server certificate name for CHATSRVR in the first dialog window and user certificate name for CHATTER.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

Martin Ziacek

Member

Occupation:	Software Developer (Senior)
Location:	United Kingdom

Other popular Internet / Network articles:

MyDownloader: A Multi-thread C# Segmented Download Manager
Sample application that manages multiple segmented downloads and supports HTTP, FTP and YouTube video downloads
An Asynchronous Socket Server and Client
An asynchronous socket server and client with encryption and compression.
Network Development Kit 2.0
Network Development Kit is a set of simple classes for a client-server architecture.
An FTP client library for .NET 2.0
Provides a useful wrapper to the FtpRequest in .NET 2.0.
Developing Firewalls for Windows 2000/XP
An article about developing Firewalls for Windows 2000/XP

Article Top

You must Sign In to use this message board.

FAQ
Noise Tolerance Layout Per page

Msgs 1 to 25 of 131 (Total in Forum: 131) (Refresh)

FirstPrevNext

Does Schannel support DTLS protocol?

D L Deepthi

20:37 7 Dec '08

Please let me know if Schannel library support DTLS (Datagram Transport Layer Security) protocol? Deepthi
Sign In·View Thread·PermaLink

DecryptMessage fails with SEC_E_DECRYPT_FAILURE (0x80090330L) error

deepthi_dl

5:16 23 Sep '08

Using AES cipher in vista and trying to connect to openssl server with TLS 1.0 version protocol DecryptMessage api fails with SEC_E_DECRYPT_FAILURE error.
SSL handshake is successful and even some of the SSL packets received are decrypted properly. But, after some time DecryptMessage fails with SEC_E_DECRYPT_FAILURE error. After this packet it fails for all other SSL packets.
Please let me know what might be the problem.
Thanks in advance.

Large message will hangs the server

pip.chan

22:20 6 May '08

When data more than 4096, it will hangs the server ? Why?
Sign In·View Thread·PermaLink

Re: Large message will hangs the server

pip.chan

23:43 6 May '08

I found the problem was in the serialization of CMsg object. When data > 4096 the pExtraData will have value and it will hangs the second times CSocket::Receive() function call. Any idea? If data less than 4096 it will be ok since pExtraData will not have value when data < 4096.
Sign In·View Thread·PermaLink

Re: Large message will hangs the server

pip.chan

1:09 7 May '08

I move the do loop position in the code and seems work //do //{ //Problem found here , when serializing the data the program hangs here cbData = CSocket::Receive(m_pbIoBuffer + m_cbIoBuffer, cbIoBufferLength - m_cbIoBuffer); ... DUMP(_T("Received cipher text"),m_pbIoBuffer,cbData); do { ...
Sign In·View Thread·PermaLink

Server requests client cert problem ?

Michael Chourdakis

6:56 24 Nov '07

Hi there.

I 've included ISC_REQ_MANUAL_CRED_VALIDATION which - I believe - will bypass the server's certificate testing (as I want to use the SSL only for an encrypted connection without certificate testing) , and InitializeSecurityContext returns SEC_I_INCOMPLETE_CREDENTIALS.

What to do after that ? How do I supply a certificate to the server If there is no one at the certificate store ?
Michael.

1.20/5 (3 votes)

Server-auth-only with exportable public cert. & .PVK file

BritannicAndy

2:45 2 Aug '07

Hi,

Firstly, thanks to Martin for publishing the class. It's saved me a lot of time.

Although I've looked through all the atricles, I think I need some help with this. I know very little about SChannel or about certificates (and that's the problem Confused

).

What I'm trying to do is write a server application that uses an exportable certificate, with the private key removed, and accesses private key internally by somehow coding it into my application.

My application will not always be running on machines with Internet access, so I don't want to use a CA. I don't need certificates on the client side - only on the server-side.

So, I've managed to use MS Certificate Services to create an exportable certificate and a .PVK file - which I hope contains the private key. I assume there must be a means of extracting the data from the PVK file. The PVK is not for distribution, so I need to somehow hide the key details inside my application, and modify CSslSocket to use this information, rather than get it from the server certificate.

My main objective is to encrypt client/server communications, so they can't easily be sniffed.

I'd be very grateful if someone could tell me how they think this could be done, or if they have a better solution.

Many thanks, in advance.

Andy

error 0x80090304

dpfairchild

12:19 4 May '07

I have compiled the apps using Visual Studio 2005.

Using a free limited time certificate from comodo I am trying to bring up the sslchatserver but when the listen executes it gets to the call to "m_securityFunc.AcquireCredentialsHandle(...)" which returns the error 0x80090304. What does this mean, and what do I do to get around it? Or what did I do wrong to cause it?

Don Fairchild
dfairchild@ctspos.com or donaldfairchild@hotmail.com

1.33/5 (2 votes)

Re: error 0x80090304

isapiyan

16:53 16 May '07

0x80090304 = The Local Security Authority cannot be contacted From my experience usually there's something wrong with the cert (see event viewer if there's any further error message from SChannel) Possible reasons: a) Cert's private key is missing. b) The certificate of the certificate authority (CA) has not been installed. HTH
Sign In·View Thread·PermaLink

error in CSslSocket::ClientHandshakeLoop.

Mazhar Nazeer

3:04 22 Nov '06

Hello,
I have downloaded ur application and setup the environment for that application.I also started LSA and server has started correctly.But client can't be connected with the server. In this method, client receives data first in "cbData" then it calls InitializeSecurityContext, it returns SEC_I_CONTINUE_NEEDED.After that it sends data to server and then again comes in start of while loop and again tries to receive data but it never receives any data, due to which it gives error.plz explain me what to do....and what could be the error, i am stuck at this point......plz reply as soon as possible.
thanks in advance.

Mazhar Nazeer.

1.20/5 (2 votes)

Schannel offline decryption

abhalve

22:11 28 Sep '06

I trying to build a solution where SSL client is sending encrypted data. At the server end i want to receive encryped data store it to file and at later stage decrypt it. My current problem is how to get the CtxtHandle. Thanks you
Sign In·View Thread·PermaLink

always return find not found

tin nguyen trung

7:27 24 Sep '06

I follow as your help, registration two certificate Server and Client. I have 2 computer, Windows 2003 for issued certificate, chatsrv/chatclient run on windowsxp. but when i run chatsrv, in function listen(), always return FALSE at CertFindCertificateInStore(m_hMyCertStore, return are: Status = SEC_E_NO_CREDENTIALS; please help me
Sign In·View Thread·PermaLink	2.00/5 (1 vote)

How to implement on windows 2003

tin nguyen trung

6:02 23 Sep '06

Hello Martin

I cannot install chatsrv/chatclient on Windows 2003. my system as:
i have 2 computer. 1 for windows 2003, 1 for windows XP.
please help me step-by-step how to implementation chatsrv/chatclient on this system.
i need install chatsrv on windows 2003, chatclient on windows xp.
if i don't using windows's certificate. can i using openssl to make public/private. then, how to manual add public/private to chatsrv/chatclient.

Please help me

Nguyen Trung Tin

1.25/5 (4 votes)

Stack Corruption

I.C.Wiener

12:32 19 Mar '06

One of every 5 - 20 calls to Receive() leads to invalid value in EBP (usually 0x00000041) and corrupted stack... I've spent a week trying to fix it.. no results.. Smb please help!
Sign In·View Thread·PermaLink

Re: Stack Corruption

ncranger

23:50 6 Apr '06

I've been trying to debug the same problem with Send() function by placing
__asm
{
push dword ptr[ebp]; <- this is the old EBP in the stack
push format_string;
call printf;
}
between almost every two lines of the function body and found that it were those _DUMP()s that are causing these EBP changes. In my case it was this one:
DUMP(_T("Plain text to send"),pbMessage,dwCurrLn);

I've removed them and it were not only the crashes that disappeared, but I also got a nice performance boost (4Kb/s vs 150Kb/s).

-- modified at 4:51 Friday 7th April, 2006

5.00/5 (1 vote)

Martin - You Still Around?

mjxnjx2

13:35 1 Mar '05

I've built both the ChatServer and the ChatClient successfully. I created my Certificates and was able to start up ChatServer.

But now that it's running, I can't connect with the client or the web browser. All I get from the browser is an acknowledgement of the certificate and the client doesn't connect all.

How would I alter your code to have the WEB BROWSER respond when a connection is attempted? I don't care what it says, it can just say "I am Listening".

Thanx

2.00/5 (1 vote)

LDAP TLS connection

meghan

1:50 20 Jan '05

Can anybody tell me whether there is a version of the Netscape LDAP SDK for C that supports TLS connections to the directory server? The version that I have is 4.1 and it supports only SSL version 3.0. It doesnt support TLS 1.0. Also, can anyone suggest any other client library that is available that supports TLS conections to LDAP server in windows. thanx, megha
Sign In·View Thread·PermaLink

Root CA certificate

stanr

4:49 14 Sep '04

My understanding of SSL communication is that the server sends a server certificate to the client for verification. The client verifies it using a root CA certificate. The client may also optionally send a client certificate (different from the root CA certificate) to the server to be verified.

It seems that the root CA certificate is what is in the certificate store you mentioned. In the method CSslSocket::ClientCreateCredentials() of sslSocket.cpp the call to CertFindCertificateInStore() looks up the root CA using the pszUserName parameter in the "MY" part of the store. The store is in the registry at HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates.

For the root CA's that are preinstalled with a browser, wouldn't these be found under "Root" instead of "My"? Also, is my understanding of all this correct?

Thanks.

Stan

1.88/5 (5 votes)

Bug in extra data handligh

Irek Zielinski

23:38 24 Jul '04

CSslSocket::Receive function has a bug.

if (pExtraBuffer) {
MoveMemory(m_pbIoBuffer, pExtraBuffer->pvBuffer, pExtraBuffer->cbBuffer);
m_cbIoBuffer = pExtraBuffer->cbBuffer;
continue;
}

"continue;" at the end of this part of code is not correct. You should attempt to decrypt this part of message instead of trying to download more in next pass of do-while loop. It quickly leads to errors when there is no more data to receive.
Also I noticed some crash of your code when receiving a big ammounts of data (it happens sometimes, I wans not able to find a solution so far).

Best regards and thanks for your work Smile

Irek

Check out my software at: http://www.ireksoftware.com

Re: Bug in extra data handligh

Darkstructures

23:01 4 Apr '05

This code has a second bug.

According to the MSDN documenation at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/extra_buffers_returned_by_schannel.asp
pExtraBuffer->pvBuffer does not contain the actual extra data. The extra data is left in the original buffer.

The code should be chaged


if (pExtraData) {
MoveMemory(m_pcbIoBuffer, m_pcbIoBuffer + m_cbIoBuffer, pExtraData->cbBuffer);
m_cbIoBuffer = pExtraBuffer->cbBuffer;
continue;
}

Re: Bug in extra data handligh

I.C.Wiener

19:14 19 Mar '06

You mean, (pExtraBuffer) { MoveMemory(m_pbIoBuffer, pExtraBuffer->pvBuffer, pExtraBuffer->cbBuffer); m_cbIoBuffer = pExtraBuffer->cbBuffer; continue; } in Receive method should be replaced by: if (pExtraData) { MoveMemory(m_pcbIoBuffer, m_pcbIoBuffer + m_cbIoBuffer, pExtraData->cbBuffer); m_cbIoBuffer = pExtraBuffer->cbBuffer; continue; } ? But pExtraData is not defined in Receive...
Sign In·View Thread·PermaLink

Crashes when sending multiple packets

GNZ

9:08 4 May '04

Hi, I am using this class as a Client SSL Socket to connect to a server. However, it fails when I send 2 or more consecutive packets without receving anything from the server. For example, Client Server ----> <---- ----> ----> * (Client Freezes before this Step) Did anyone encounter such a scenario? Thanks in advance, Greg.
Sign In·View Thread·PermaLink	5.00/5 (1 vote)

Does it works on Win98?

Anonymous

0:22 29 Apr '04

I have built and used the demo in WinXP/Win2000 with no error, but I´d like to know if this works on Win98 machines. Also I´m now using a WindowsMilleniums and it hangs in m_SecurityFunc.EncryptMessage call.
Sign In·View Thread·PermaLink

Re: Does it works on Win98?

Petr Prazak

4:03 24 Nov '05

On Windows9x the EncryptMessage and DecryptMessage functions are not initialized. They are available under Reserved3 and Reserved4 fields. See also this thread.
Sign In·View Thread·PermaLink	1.00/5 (1 vote)

Tried Suggestions - Wont Build ChatSrv

mjxnjx2

14:13 14 Apr '04

Hey -

I took the advice from this board and installed the Core SDK, the Internet SDK and even the MDAC SDK (just for my own use). I restarted my machine. My result: no change. WTF

I cannot compile the demo nomatter what.

Obviously it's still missing schannel.h. How about including this and any other neccessary headers to go with it in the source? Who knows, maybe that'll do it?

Compiling...
Stdafx.cpp
c:\program files\microsoft visual studio\vc98\include\wintrust.h(139) : error C2143: syntax error : missing ';' before '*'
c:\program files\microsoft visual studio\vc98\include\wintrust.h(139) : error C2501: 'CMSG_SIGNER_INFO' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(139) : error C2501: 'psSignerInfo' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(142) : error C2143: syntax error : missing ';' before '*'
c:\program files\microsoft visual studio\vc98\include\wintrust.h(142) : error C2501: 'HCERTSTORE' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(142) : error C2501: 'pahStores' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(158) : error C2143: syntax error : missing ';' before '*'
c:\program files\microsoft visual studio\vc98\include\wintrust.h(158) : error C2501: 'CERT_CONTEXT' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(158) : error C2501: 'psCertContext' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(161) : error C2143: syntax error : missing ';' before '*'
c:\program files\microsoft visual studio\vc98\include\wintrust.h(161) : error C2501: 'HCERTSTORE' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(161) : error C2501: 'pahStores' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(229) : error C2146: syntax error : missing ';' before identifier 'Data'
c:\program files\microsoft visual studio\vc98\include\wintrust.h(229) : error C2501: 'CRYPT_ATTRIBUTE_TYPE_VALUE' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(229) : error C2501: 'Data' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(230) : error C2146: syntax error : missing ';' before identifier 'DigestAlgorithm'
c:\program files\microsoft visual studio\vc98\include\wintrust.h(230) : error C2501: 'CRYPT_ALGORITHM_IDENTIFIER' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(230) : error C2501: 'DigestAlgorithm' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(231) : error C2146: syntax error : missing ';' before identifier 'Digest'
c:\program files\microsoft visual studio\vc98\include\wintrust.h(231) : error C2501: 'CRYPT_HASH_BLOB' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(231) : error C2501: 'Digest' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(316) : error C2061: syntax error : identifier 'HCERTSTORE'
c:\program files\microsoft visual studio\vc98\include\wintrust.h(327) : error C2061: syntax error : identifier 'PCCERT_CONTEXT'
c:\program files\microsoft visual studio\vc98\include\wintrust.h(422) : error C2146: syntax error : missing ';' before identifier 'pCert'
c:\program files\microsoft visual studio\vc98\include\wintrust.h(422) : error C2501: 'PCCERT_CONTEXT' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(422) : error C2501: 'pCert' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(467) : error C2143: syntax error : missing ';' before '*'
c:\program files\microsoft visual studio\vc98\include\wintrust.h(467) : error C2501: 'CMSG_SIGNER_INFO' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(467) : error C2501: 'psSigner' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(519) : error C2146: syntax error : missing ';' before identifier 'hProv'
c:\program files\microsoft visual studio\vc98\include\wintrust.h(519) : error C2501: 'HCRYPTPROV' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(519) : error C2501: 'hProv' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(532) : error C2143: syntax error : missing ';' before '*'
c:\program files\microsoft visual studio\vc98\include\wintrust.h(532) : error C2501: 'HCERTSTORE' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(532) : error C2501: 'pahStores' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(535) : error C2146: syntax error : missing ';' before identifier 'hMsg'
c:\program files\microsoft visual studio\vc98\include\wintrust.h(535) : error C2501: 'HCRYPTMSG' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(535) : error C2501: 'hMsg' : missing storage-class or type specifiers
c:\program files\microsoft visual studio\vc98\include\wintrust.h(644) : error C2143: syntax error : missing ';' before '__stdcall'
c:\program files\microsoft visual studio\vc98\include\wintrust.h(646) : error C2061: syntax error : identifier 'PCCERT_CONTEXT'
c:\program files\microsoft visual studio\vc98\include\wintrust.h(649) : error C2061: syntax error : identifier 'CERT_INFO'
c:\###ssl\csslsocket\chatsrvr\stdafx.h(24) : fatal error C1083: Cannot open include file: 'schannel.h': No such file or directory
Error executing cl.exe.

chatsrvr.exe - 42 error(s), 0 warning(s)

1.25/5 (3 votes)

Last Visit: 16:33 23 Nov '09 Last Update: 16:33 23 Nov '09

12 3 4 5 6 Next »

General News Question Answer Joke Rant Admin

PermaLink | Privacy | Terms of Use
Last Updated: 24 Nov 2001
Editor: Chris Maunder