
SSL : Convert your Plain Sockets to SSL Sockets in an Easy Way

By Michael Chourdakis

A simple class that allows you to convert an existing SOCKET handle to SSL under Windows
C++, Win32, Dev
Posted:14 Mar 2008
Includes:

  • SSL class source files (SSL.CPP, Z.H, SSL.H)
  • Testing project TEL, telnet client and server with SSL ability.

Introduction

A lot of SSL stuff already exists, but it is in either MFC, .NET or some other non-native format. Here is a simple class, SSL_SOCKET, that allows you to convert an existing SOCKET handle to SSL under Windows. I got much information from the great CSslSocket - SSL/TLS enabled CSocket MFC article, but I needed a plain Win32 one.

Features

  • x86 / x64 compatible.
  • HTML help.
  • Supports Server and Client.

License

Free, for any kind of freeware, shareware, commercial, or whateverware project, as long as you give me credit for the library in your 'about box' or your application's documentation.

Creating the SSL Client

First, create and connect your socket using the normal socket functions (socket(), and connect()). Then construct an SSL_SOCKET:

// Say that X is a socket
SSL_SOCKET* sX = new SSL_SOCKET(X,0,0);

This creates an SSL_SOCKET object for an SSL_CLIENT. The last parameter to the constructor (0 here) indicates that the object will create a temporary self-signed certificate to authenticate itself with the SSL server. If you want, you can pass your own PCERT_CONTEXT.

The next step is to call SSL_SOCKET::ClientInit():

// Initialize the Security Session
sX->ClientInit();

This also calls SSL_SOCKET::ClientLoop() to initialize the SSL Session. (If you don't want to initialize the SSL session at this time, call ClientInit(true) and then later call ClientLoop()). Once the loop returns 0 (success), you can then use the following functions:

  • int SSL_SOCKET::s_send(char* b, int sz); // Sends data, returns 0 or -1 on error (like normal send()).
  • int SSL_SOCKET::s_ssend(char* b, int sz); // Sends data, returns 0 or -1 on error (like normal send()). Does not return until all the bytes have been sent or an error occurs.
  • int SSL_SOCKET::s_recv(char* b, int sz); // Receives data, returns 0 or -1 on error (like normal recv()).
  • int SSL_SOCKET::s_rrecv(char* b, int sz); // Receives data, returns 0 or -1 on error (like normal recv()). Does not return until all the bytes have been received or an error occurs.

If you like, you can also call send_p, ssend_p, recv_p and rrecv_p to send/receive raw bytes (without message encryption/decryption), if you can encrypt/decrypt the data yourself.

To shut down the client connection politely, call SSL_SOCKET::ClientOff() before calling closesocket().
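The receive variant listed above that "does not return until all the bytes have been received" matters because a TLS stream hands back decrypted data one record at a time, so a single receive call can return less than a large message. The following is an added example, not code from the article or its library: `recv_all`, `ChunkedPeer` and `demo` are hypothetical names, and the mock peer assumes a recv-style call that returns the number of bytes delivered, 0 on close and -1 on error.

```cpp
#include <algorithm>
#include <cstring>
#include <functional>
#include <string>

// Assumed shape of a recv-style call: returns bytes delivered (>0),
// 0 when the peer closed the connection, -1 on error.
using RecvFn = std::function<int(char*, int)>;

// Hypothetical helper: keep calling rx until exactly sz bytes are in b.
// Returns sz on success, 0 if the peer closed early, -1 on error.
int recv_all(const RecvFn& rx, char* b, int sz) {
    int got = 0;
    while (got < sz) {
        int n = rx(b + got, sz - got);
        if (n < 0) return -1;   // transport or decryption error
        if (n == 0) return 0;   // closed before the full message arrived
        got += n;
    }
    return got;
}

// Constructed mock peer: hands out its data in pieces of at most `chunk`
// bytes, the way a TLS stream delivers one decrypted record at a time.
struct ChunkedPeer {
    std::string data;
    size_t pos = 0;
    int chunk = 16384;          // TLS maximum record plaintext size
    int calls = 0;
    int recv(char* b, int sz) {
        ++calls;
        size_t left = data.size() - pos;
        int n = (int)std::min({left, (size_t)sz, (size_t)chunk});
        std::memcpy(b, data.data() + pos, n);
        pos += n;
        return n;               // 0 once the data is exhausted (peer closed)
    }
};

// Reads a want-byte message from a peer that holds `have` bytes.
// Returns the recv_all result; *calls_out gets the number of recv calls made.
int demo(int have, int want, int* calls_out) {
    ChunkedPeer peer;
    peer.data.assign(have, 'A');
    std::string buf(want, '\0');
    int r = recv_all([&](char* b, int n) { return peer.recv(b, n); }, &buf[0], want);
    if (calls_out) *calls_out = peer.calls;
    return r;
}
```

A 20,000-byte message needs two receive calls here (16,384 bytes, then 3,616), and a peer that closes after 10,000 bytes is reported as a short read instead of leaving the caller with a half-filled buffer.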

Creating the SSL Server

First, create and accept your socket using the normal socket functions (socket(), bind(), listen() and accept()). Then construct an SSL_SOCKET:

// Say that X is a socket
SSL_SOCKET* sX = new SSL_SOCKET(X,1,0);

This creates an SSL_SOCKET object for an SSL server. The last parameter to the constructor (0 here) indicates that the object will create a temporary self-signed certificate to authenticate itself to SSL clients. If you want, you can pass your own PCERT_CONTEXT. Note that some clients will test the certificate and reject it or warn about it, so you may want to pass a trusted certificate.

The next step is to call SSL_SOCKET::ServerInit():

// Initialize the Security Session
sX->ServerInit();

This also calls SSL_SOCKET::ServerLoop() to initialize the SSL Session. (If you don't want to initialize the SSL session at this time, call ServerInit(true) and then later call ServerLoop()). Once the loop returns 0 (success), you can then use the send/recv functions discussed above.

Shut down the server by calling SSL_SOCKET::ServerOff().

Other Features

These are some features I'd like to implement in the future:

  • Certificate verification (not yet completed)
  • Documentation (SSL.CHM) is pending.

Please leave your questions and comments!

History

  • March 13, 2007 - Original version posted

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

Michael Chourdakis

I am a professional in C++/PHP/DSP Development.
http://www.turboirc.com
Occupation: Software Developer (Senior)
Location: Greece

Last Updated: 14 Mar 2008
Editor: Sean Ewington
Copyright 2008 by Michael Chourdakis