CAsyncSslSocketLayer - SSL layer class for CAsyncSocketEx






4.88/5 (12 votes)
Apr 6, 2003
3 min read

92404

414
This class is an SSL layer for CAsyncSocketEx using OpenSSL.
Introduction
CAsyncSslSocketLayer
is a layer class for CAsyncSocketEx
which allows you to establish SSL secured connections to servers.
For information about CAsyncSocketEx
and the layer system in general, please read my CAsyncSocketEx article.
How to use
Using this class is really simple. In the easiest case, just add an instance of CAsyncSslSocketLayer
to your socket and call InitClientSsl
after creation of the socket.
This class only has three new public functions:
InitClientSsl();
This functions establishes an SSL connection to the server. You can call it at any time once the socket has been created. Most likely you want to call this function right after calling
Create
for the socket. But sometimes, you'll need to call this function later. One example is for an FTP connection with explicit SSL: In this case you would have to callInitClientSsl
after receiving the reply to anAUTH SSL
command.UsingSSL();
Returns true if you've previously called
InitClientSsl()
SetNotifyReply(int nID, int nCode, int result);
You can call this function only after receiving a layer specific callback with the
SSL_VERIFY_CERT
ID. See below for details.
This layer sends some layer specific notifications to your socket instance, you can handle them in OnLayerCallback
of your socket class. Valid notification IDs are:
SSL_INFO
0There are two possible values for
param2
:SSL_INFO_ESTABLISHED
0 - You'll get this notification if the SSL negotiation was successful.SSL_INFO_SHUTDOWNCOMPLETE
1 - You'll get this notification if the SSL connection has been shut down successfully. See below for details.
SSL_FAILURE
1This notification is sent if the SSL connection could not be established or if an existing connection failed. Valid values for
param2
are:SSL_FAILURE_UNKNOWN
0 - Details may have been sent with aSSL_VERBOSE_WARNING
orSSL_VERBOSE_INFO
notification.SSL_FAILURE_ESTABLISH
1 - Problem during SSL negotiationSSL_FAILURE_LOADDLLS
2SSL_FAILURE_INITSSL
4SSL_FAILURE_VERIFYCERT
8 - The remote SSL certificate was invalid
SSL_VERBOSE_WARNING
3SSL_VERBOSE_INFO
4These two notifications contain some additional information. The value given by
param2
is a pointer to a null-terminated character string (char *
) with some useful information.SSL_VERIFY_CERT
2This notification is sent each time a remote certificate has to be verified.
param2
is a pointer to at_SslCertData
structure which contains some information about the remote certificate. Return 1 if you trust the certificate and 0 if you don't trust it. If you're unsure so that the user has to choose to trust the certificate, return 2. In this case, you have to callSetNotifyReply
later to resume the SSL connection.nID
has to be thepriv_data
element of thet_SslCertData
structure andnCode
has to beSSL_VERIFY_CERT
. SetnAction
to 1 if you trust the certificate and 0 if you don't trust it.
Be careful with closing the connection after sending data, not all data may have been sent already. Before closing the connection, you should call Shutdown()
and wait for the SSL_INFO_SHUTDOWNCOMPLETE
notification. This assures that all encrypted data really has been sent.
License
Feel free to use this class, as long as you don't claim that you wrote it and this copyright notice stays intact in the source files. If you use this class in commercial applications, please send a short message to tim.kosse@gmx.de.
This product includes software developed by the OpenSSL project for use in the OpenSSL Toolkit.