
CSslSocket - SSL/TLS enabled CSocket

24 Nov 2001, 2 min read
CSocket derived class with SSL/TLS extension

Motivation

Having seen the SSL samples from the Platform SDK (WebServer and WebClient), I found it would be useful to benefit from the SSL/TLS functionality built into Windows. However, these samples are not very user friendly: you can learn from them how SSL/TLS works in Windows, but adapting them to different applications is not easy.

Description of solution

I am sure everybody knows CSocket from MFC and has seen the samples CHATTER / CHATSRVR. That's the place where I started: my idea was to derive CSslSocket from CSocket and extend it with SSL functionality.

This means that CSslSocket works in the same way as CSocket; there are only several small differences in the declarations of the Create() and Listen() methods:

BOOL Create(
	UINT nSocketPort = 443,
	LPCTSTR lpszSocketAddress = NULL,
	const TCHAR *szCertName = NULL,
	BOOL bMachineStore = FALSE,
	DWORD dwProtocol = 0);
BOOL Listen(
	int nConnectionBacklog = 5,
	BOOL bAuthClient = FALSE);

The parameters nSocketPort and lpszSocketAddress are the same as in CSocket. SSL/TLS are stream-based protocols, therefore you cannot specify SOCK_DGRAM in this method as you can for CSocket. However, you can specify the name of a certificate (you must have a certificate for the server side), the certificate store and the preferred protocol (see SCHANNEL_CRED). A client certificate is not required, but you can force the SSL engine to require it; in this case set bAuthClient to TRUE in the call to the Listen() method.
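The following is an added example, not code from the article or its download: it mirrors the Create()/Listen() arguments of a listening CSslSocket in a plain struct and checks them the way a reviewer would before wiring them to the class (server certificate present, protocol chosen explicitly rather than left at the dwProtocol = 0 system default, no PCT/SSL 2/SSL 3 bits). The SP_PROT_* values are the Schannel server-side bits from schannel.h, reproduced here so the block builds without the Platform SDK; the struct and function names are mine.

```cpp
#include <cstdint>
#include <string>

// Server-side protocol bits of SCHANNEL_CRED.grbitEnabledProtocols
// (values as in schannel.h; reproduced so this builds off Windows).
const uint32_t SP_PROT_PCT1_SERVER   = 0x00000001;
const uint32_t SP_PROT_SSL2_SERVER   = 0x00000004;
const uint32_t SP_PROT_SSL3_SERVER   = 0x00000010;
const uint32_t SP_PROT_TLS1_SERVER   = 0x00000040;
const uint32_t SP_PROT_TLS1_1_SERVER = 0x00000100;
const uint32_t SP_PROT_TLS1_2_SERVER = 0x00000400;

// Arguments that would be handed to CSslSocket::Create() and Listen().
struct SslServerArgs {
    unsigned    port;          // nSocketPort
    std::string certName;      // szCertName (subject name of the server cert)
    bool        machineStore;  // bMachineStore
    uint32_t    protocol;      // dwProtocol
    int         backlog;       // nConnectionBacklog
    bool        authClient;    // bAuthClient: require a client certificate
};

// Returns "" when the arguments are acceptable, otherwise the reason
// they are rejected.
std::string checkServerArgs(const SslServerArgs& a) {
    if (a.port == 0) return "port must be non-zero";
    if (a.certName.empty()) return "server side needs a certificate name";
    if (a.protocol == 0)
        return "dwProtocol 0 leaves the protocol to the system default";
    const uint32_t legacy = SP_PROT_PCT1_SERVER | SP_PROT_SSL2_SERVER
                          | SP_PROT_SSL3_SERVER;
    if (a.protocol & legacy) return "PCT/SSL2/SSL3 server bits enabled";
    const uint32_t known = SP_PROT_TLS1_SERVER | SP_PROT_TLS1_1_SERVER
                         | SP_PROT_TLS1_2_SERVER;
    if (a.protocol & ~known) return "unknown protocol bits set";
    return "";
}

// The argument set a hardened CHATSRVR-style listener would use:
// certificate from the machine store, TLS 1.2 only, optional mutual auth.
SslServerArgs hardenedServerArgs(const std::string& certName,
                                 bool requireClientCert) {
    SslServerArgs a;
    a.port = 443;
    a.certName = certName;
    a.machineStore = true;
    a.protocol = SP_PROT_TLS1_2_SERVER;
    a.backlog = 5;
    a.authClient = requireClientCert;
    return a;
}
```

The fields map one-to-one onto Create(nSocketPort, NULL, szCertName, bMachineStore, dwProtocol) and Listen(nConnectionBacklog, bAuthClient) as declared above.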

You can find more information about SSL/TLS and Schannel at the locations specified at the beginning of the article.

Usage

You can use CSslSocket exactly as you are using CSocket: use it directly, or derive your new class from CSslSocket and override the required methods. See the modified samples provided with this article.

Demo program(s)

The zipped file contains modified versions of the Microsoft CHATTER / CHATSRVR samples that demonstrate CSslSocket usage. The modifications are small: CSocket is replaced with CSslSocket and there is code to pass the proper parameters to the CSslSocket class. You need one or two certificates to test my class. The simplest way is to install Certificate Services from Microsoft and request certificates for client and server identification through the web forms provided by Certificate Services (you need Windows NT/2000 Server), or you can use OpenSSL as well. Then just specify the server certificate name for CHATSRVR in the first dialog window and the user certificate name for CHATTER.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

Comments and Discussions

Question: How to get samples running
Martin Ziacek, 21-May-02 1:43
Having seen how many people have trouble getting the two demo programs running, I have decided to provide the following description:

1. Please ensure you are able to run and understand the original versions of CHATTER and CHATSRVR. You can run both programs on the same machine. You will see how it works with an ‘insecure’ connection. Read and understand the specification of SSL/TLS. There is a link in the article to the RFC.
2. Compile the modified demos from this article. Get the latest version of the Platform SDK first (there is a link at the beginning of the article to download it). Visual C++ alone is not enough to compile it.
3. Create the following minimal test environment:

Windows 2000 Server, install IIS and Certificate Services on it (for issuing certificates)
Windows 2000 Workstation (for running both samples)
I will refer to these computers as 2K_SERVER and 2K_WRK.

4. Get two certificates from http://2K_SERVER/certsrv/. There is a form to send requests for certificates. Request the certificates as an advanced request using the form; you will connect to 2K_SERVER using IE from 2K_WRK. Do not mark the private keys as exportable.

Client certificate:
Name: ‘put your user name here’, but any ‘name’ is ok
Intended Purpose: Client Authentication Certificate

Server certificate:
Name: 2K_WRK.DOMAIN.COM !!! must be upper case, full domain name !!!
Intended Purpose: Server Authentication Certificate

The rest of the form is set to default values; you can use them. Submit the form and install the certificates. Run certmgr.exe on 2K_WRK to ensure you have got the certificates installed on it.

5. Now you can start CHATSRVR on 2K_WRK. Use the default port and enter the full server name as the ‘Cert. Name’ in the first dialog. It should run with no problem. If it does not work, run it under the debugger and send the output from its ‘Debug’ window (the place where debug messages are sent and shown during debugging) to me.
6. If CHATSRVR is running, start CHATTER on 2K_WRK. Enter your ‘user name’ from step 4 as the ‘Handle’. Put your server name into the ‘Server’ edit box. Leave the default port. The program should connect to the server CHATTER. If it does not work, run it under the debugger and send the output from its ‘Debug’ window (the place where debug messages are sent and shown during debugging) to me.
7. Type something into CHATTER; it will appear at CHATSRVR as your message.

If you have no server to install a CA on, contact me; I will try to provide certificates for testing the demo programs for you.

Martin
