
CSslSocket - SSL/TLS enabled CSocket

24 Nov 2001, 2 min read
CSocket derived class with SSL/TLS extension

Motivation

Having seen the SSL samples from the Platform SDK (WebServer and WebClient), I found it would be useful to benefit from the SSL/TLS functionality built into Windows. However, these samples are not very user friendly: you can learn from them how SSL/TLS works in Windows, but adapting them to different applications is not easy.

Description of solution

I am sure everybody knows CSocket from MFC and has seen the CHATTER / CHATSRVR samples; that is where I started. My idea was to derive CSslSocket from CSocket and extend it with SSL functionality.

This means that CSslSocket works in the same way as CSocket; the only differences are a few extra parameters in the declarations of the Create() and Listen() methods:

BOOL Create(
	UINT nSocketPort = 443,            // same meaning as in CSocket
	LPCTSTR lpszSocketAddress = NULL,  // same meaning as in CSocket
	const TCHAR *szCertName = NULL,    // certificate name; required on the server side
	BOOL bMachineStore = FALSE,        // look the certificate up in the machine store instead of the user store
	DWORD dwProtocol = 0);             // preferred protocol, see SCHANNEL_CRED
BOOL Listen(
	int nConnectionBacklog = 5,
	BOOL bAuthClient = FALSE);         // TRUE forces the client to present a certificate

The parameters nSocketPort and lpszSocketAddress are the same as in CSocket. SSL/TLS are stream-based protocols, so you cannot specify SOCK_DGRAM in this method as you can with CSocket. In addition you can specify the name of a certificate (the server side must have one), the certificate store and the preferred protocol (see SCHANNEL_CRED). A client certificate is not required, but you can force the SSL engine to require one by setting bAuthClient to TRUE in the call to Listen().

You can find more information about SSL/TLS and Schannel at the locations given at the beginning of the article.
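The values a caller passes through Create() and Listen() end up in a SCHANNEL_CRED structure, and an unfortunate combination (no server certificate, a legacy protocol mask, a client that skips server-name checking) is accepted silently by the compiler. The block below is an added example, not code from CSslSocket or the article: it audits such a configuration before it reaches AcquireCredentialsHandle(). The SslSocketConfig struct is a hypothetical mirror of the Create()/Listen() arguments (dwProtocol is assumed to map to grbitEnabledProtocols), the audit rules are my own, and the constant values are copied from schannel.h so the code compiles and runs without the Windows SDK.

```cpp
// Added example: policy audit of CSslSocket-style Schannel parameters.
// Constants copied from schannel.h; struct and rules are hypothetical.
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Protocol bits of SCHANNEL_CRED::grbitEnabledProtocols (schannel.h values).
constexpr uint32_t SP_PROT_SSL2_SERVER   = 0x00000004;
constexpr uint32_t SP_PROT_SSL2_CLIENT   = 0x00000008;
constexpr uint32_t SP_PROT_SSL3_SERVER   = 0x00000010;
constexpr uint32_t SP_PROT_SSL3_CLIENT   = 0x00000020;
constexpr uint32_t SP_PROT_TLS1_SERVER   = 0x00000040;
constexpr uint32_t SP_PROT_TLS1_CLIENT   = 0x00000080;
constexpr uint32_t SP_PROT_TLS1_1_SERVER = 0x00000100;
constexpr uint32_t SP_PROT_TLS1_1_CLIENT = 0x00000200;
constexpr uint32_t SP_PROT_TLS1_2_SERVER = 0x00000400;
constexpr uint32_t SP_PROT_TLS1_2_CLIENT = 0x00000800;
constexpr uint32_t SP_PROT_TLS1_3_SERVER = 0x00001000;
constexpr uint32_t SP_PROT_TLS1_3_CLIENT = 0x00002000;

// Selected SCHANNEL_CRED::dwFlags values (schannel.h).
constexpr uint32_t SCH_CRED_NO_SERVERNAME_CHECK    = 0x00000004;
constexpr uint32_t SCH_CRED_MANUAL_CRED_VALIDATION = 0x00000008;
constexpr uint32_t SCH_CRED_REVOCATION_CHECK_CHAIN = 0x00000200;

enum class Role { Server, Client };

// Hypothetical mirror of what CSslSocket::Create()/Listen() forward to Schannel.
struct SslSocketConfig {
    Role        role;
    std::string certName;    // szCertName; the server side must have one
    uint32_t    protocols;   // dwProtocol -> grbitEnabledProtocols (0 = system default)
    uint32_t    flags;       // SCHANNEL_CRED::dwFlags
    bool        authClient;  // Listen(..., bAuthClient)
};

constexpr uint32_t kServerBits = SP_PROT_SSL2_SERVER | SP_PROT_SSL3_SERVER |
    SP_PROT_TLS1_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_3_SERVER;
constexpr uint32_t kClientBits = kServerBits << 1;  // each client bit is its server bit shifted left by one
constexpr uint32_t kLegacyBits = SP_PROT_SSL2_SERVER | SP_PROT_SSL2_CLIENT |
    SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_SERVER | SP_PROT_TLS1_CLIENT |
    SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_1_CLIENT;

// Returns the findings a reviewer would raise against the configuration; empty means clean.
std::vector<std::string> AuditConfig(const SslSocketConfig& c) {
    std::vector<std::string> findings;
    const uint32_t ownRole = (c.role == Role::Server) ? kServerBits : kClientBits;
    if (c.role == Role::Server && c.certName.empty())
        findings.push_back("server has no certificate name; AcquireCredentialsHandle cannot succeed");
    if (c.protocols & kLegacyBits)
        findings.push_back("SSL 2.0/3.0 or TLS 1.0/1.1 enabled; restrict the mask to TLS 1.2 and later");
    if (c.protocols != 0 && !(c.protocols & ownRole))
        findings.push_back("protocol mask has no bit for this role; Schannel has nothing to negotiate");
    if (c.role == Role::Client && (c.flags & SCH_CRED_NO_SERVERNAME_CHECK))
        findings.push_back("server name check disabled; any certificate from a trusted root is accepted");
    if (c.role == Role::Client && (c.flags & SCH_CRED_MANUAL_CRED_VALIDATION))
        findings.push_back("manual validation set; the caller must verify the chain itself after the handshake");
    if (c.role == Role::Server && c.authClient && !(c.flags & SCH_CRED_REVOCATION_CHECK_CHAIN))
        findings.push_back("client certificates required but revocation checking is not enabled");
    return findings;
}

// Hardened protocol mask for a role: TLS 1.2 and TLS 1.3 only.
uint32_t HardenedProtocols(Role r) {
    return r == Role::Server ? (SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_3_SERVER)
                             : (SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_3_CLIENT);
}

int main() {
    // Constructed sample: a CHATSRVR-style server created without a certificate on TLS 1.0.
    SslSocketConfig weak{Role::Server, "", SP_PROT_TLS1_SERVER, 0, false};
    for (const auto& f : AuditConfig(weak)) std::cout << "finding: " << f << '\n';
    SslSocketConfig fixed{Role::Server, "chatsrvr-cert", HardenedProtocols(Role::Server),
                          SCH_CRED_REVOCATION_CHECK_CHAIN, true};
    std::cout << "fixed config findings: " << AuditConfig(fixed).size() << '\n';
    return 0;
}
```

Run the audit on the arguments you intend to pass before calling Create(), and treat any finding as a reason to stop; the hardened mask is what dwProtocol should carry unless you have a documented reason to negotiate something older.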

Usage

You can use CSslSocket exactly as you use CSocket: either use it directly, or derive your own class from CSslSocket and override the required methods. See the modified samples provided with this article.

Demo program(s)

The zipped file contains modified versions of the Microsoft CHATTER / CHATSRVR samples that demonstrate CSslSocket in use. The modifications are small: CSocket is replaced with CSslSocket, and there is code to pass the proper parameters to the CSslSocket class. You need one or two certificates to test the class. The simplest way is to install Certificate Services from Microsoft and request certificates for client and server identification through the web forms provided by Certificate Services (you need Windows NT/2000 Server); you can use OpenSSL as well. Then just specify the server certificate name for CHATSRVR in the first dialog window and the user certificate name for CHATTER.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.



Written By
Martin Ziacek
Software Developer (Senior)
United Kingdom

Comments and Discussions

 
Re: How to use openssl to make the demo working? (suss, 22-Jan-02 9:01)
Re: How to use openssl to make the demo working? (Martin Ziacek, 22-Jan-02 9:34)
Re: How to use openssl to make the demo working? (suss, 22-Jan-02 11:50)
Re: How to use openssl to make the demo working? (Martin Ziacek, 22-Jan-02 19:57)
Re: How to use openssl to make the demo working? (suss, 23-Jan-02 7:04)
Re: How to use openssl to make the demo working? (suss, 23-Jan-02 11:11)
Re: How to use openssl to make the demo working? (suss, 23-Jan-02 12:08)
Re: How to use openssl to make the demo working? (Martin Ziacek, 26-Jan-02 20:38)

Hi Bing,

I am very sorry for this late answer; my home machine temporarily died and I was offline for a couple of days.

Since I have tested my CSslSocket only on Win2k and have no access to a WinNT box at the moment, I can only suggest playing with the flags set in the SCHANNEL_CRED structure passed to AcquireCredentialsHandle(). Some of the ones I have specified are valid only on Win2k. Then the demos should work fine. Let me know the correct combination of flags; I will modify CSslSocket to work on NT and post it here.

Good luck,

Martin

-----Original Message-----
From: Bing Wang [mailto:biwang@hotmail.com]
Sent: 24 January 2002 23:27
To: martin.ziacek@pobox.sk
Subject: SSLSocket Problem


Hi Martin,

Thanks very much for all your help. I am still stuck with making the demo work.

After spending hours and hours debugging your code, I finally got to this point and your help is indeed needed.

I have to stop IIS on the box, as IIS holds port 443 in listening mode (I found out using the netstat command). I had a problem with bind (The socket is already bound to an address) if I don't stop IIS, since IIS is holding port 443 for listening for SSL connections.

I had to uninstall and reinstall the cert server a couple of times, as I want to put the computername.domain cert into the Root CA store. Then I debugged chatsrvr.exe and got a problem at CSslSocket::ServerCreateCredentials in these lines:

Status = m_SecurityFunc.AcquireCredentialsHandle(
    NULL,                 // no principal name
    UNISP_NAME,           // Schannel security package
    SECPKG_CRED_INBOUND,  // server-side (inbound) credentials
    NULL,
    &m_SchannelCred,      // SCHANNEL_CRED describing the certificate and flags
    NULL,
    NULL,
    phCreds,
    &tsExpiry);

if(Status != SEC_E_OK) {
    SetLastError(Status);
    Status = Status;  // no-op; useful as a breakpoint line
    break;
}

Status = 0x8009030d. I found out it means SEC_E_UNKNOWN_CREDENTIALS. Why is it unknown credentials?

I have verified using certmgr that the cert is in the Trusted Root CA tab, so it should work, right?

I would appreciate very much your quick response, as I have a deadline to meet. Sorry to send you a couple of emails, as I have learnt more while debugging and wanted to inform you.

Best regards,
Bing Wang
Re: How to use openssl to make the demo working? (suss, 28-Jan-02 10:10)
Re: How to use openssl to make the demo working? (suss, 28-Jan-02 11:07)
Can't compile the sample code (suss, 17-Jan-02 12:43)
Re: Can't compile the sample code (Tim Smith, 17-Jan-02 13:10)
Re: Can't compile the sample code (suss, 18-Jan-02 12:07)
Re: Can't compile the sample code (suss, 16-Apr-02 23:31)
samples from Platform SDK (Martin Ziacek, 27-Nov-01 20:25)