
A wrapper class with SSL support: CAsyncSslSocketLayer

2007-09-07 15:47

Introduction

CAsyncSslSocketLayer is a layer class for CAsyncSocketEx which allows you to establish SSL secured connections to servers.

For information about CAsyncSocketEx and the layer system in general, please read my CAsyncSocketEx article.

How to use

Using this class is really simple. In the easiest case, just add an instance of CAsyncSslSocketLayer to your socket and call InitClientSsl after creation of the socket.

This class only has three new public functions:

InitClientSsl();

This function establishes an SSL connection to the server. You can call it at any time once the socket has been created. Most likely you want to call this function right after calling Create for the socket. But sometimes, you'll need to call this function later. One example is an FTP connection with explicit SSL: in this case you would have to call InitClientSsl after receiving the reply to an AUTH SSL command.

UsingSSL();

Returns true if you've previously called InitClientSsl().


SetNotifyReply(int nID, int nCode, int result);

You can call this function only after receiving a layer specific callback with the SSL_VERIFY_CERT ID. See below for details.

This layer sends some layer specific notifications to your socket instance. You can handle them in OnLayerCallback of your socket class. Valid notification IDs are:

SSL_INFO = 0
There are two possible values for param2:

    SSL_INFO_ESTABLISHED = 0 - You'll get this notification if the SSL negotiation was successful.
    SSL_INFO_SHUTDOWNCOMPLETE = 1 - You'll get this notification if the SSL connection has been shut down successfully. See below for details.

SSL_FAILURE = 1
This notification is sent if the SSL connection could not be established or if an existing connection failed. Valid values for param2 are:

    SSL_FAILURE_UNKNOWN = 0 - Details may have been sent with a SSL_VERBOSE_WARNING or SSL_VERBOSE_INFO notification.
    SSL_FAILURE_ESTABLISH = 1 - Problem during SSL negotiation
    SSL_FAILURE_LOADDLLS = 2
    SSL_FAILURE_INITSSL = 4
    SSL_FAILURE_VERIFYCERT = 8 - The remote SSL certificate was invalid

SSL_VERBOSE_WARNING = 3
SSL_VERBOSE_INFO = 4
These two notifications contain some additional information. The value given by param2 is a pointer to a null-terminated character string (char *) with some useful information.

SSL_VERIFY_CERT = 2
This notification is sent each time a remote certificate has to be verified. param2 is a pointer to a t_SslCertData structure which contains some information about the remote certificate. Return 1 if you trust the certificate and 0 if you don't trust it. If you're unsure and the user has to decide whether to trust the certificate, return 2. In this case, you have to call SetNotifyReply later to resume the SSL connection. nID has to be the priv_data element of the t_SslCertData structure and nCode has to be SSL_VERIFY_CERT. Set nAction (the third argument, declared as result in the signature above) to 1 if you trust the certificate and 0 if you don't trust it.
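
The deferred-verification flow described for SSL_VERIFY_CERT, as an added example that is not part of the original article or the class's own code: a small trust store that picks the return value (0, 1 or 2) and builds the SetNotifyReply arguments once the user has answered. CertData, Reply, TrustStore and the hash field are hypothetical stand-ins; only priv_data and the numeric codes come from the text above.

```cpp
#include <array>
#include <cstdint>
#include <set>
#include <vector>

const int SSL_VERIFY_CERT = 2;  // notification ID, value from the list above
using Fingerprint = std::array<std::uint8_t, 20>;

// Hypothetical stand-in for t_SslCertData: only priv_data is named in the
// article; the hash field is an assumption made for this example.
struct CertData {
    Fingerprint hash;
    int priv_data;
};

// Arguments for SetNotifyReply(nID, nCode, result); !valid = send no reply.
struct Reply {
    int nID, nCode, result;
    bool valid;
};

// Hypothetical trust store consulted from the OnLayerCallback handler.
struct TrustStore {
    std::set<Fingerprint> pinned, rejected;
    std::vector<int> pending;  // priv_data of handshakes awaiting the user
    // Return value for SSL_VERIFY_CERT: 1 = trust, 0 = reject, 2 = ask user.
    int OnVerifyCert(const CertData& cert) {
        if (rejected.count(cert.hash)) return 0;
        if (pinned.count(cert.hash)) return 1;
        pending.push_back(cert.priv_data);  // unknown cert: never auto-trust
        return 2;
    }
    // Called with the user's answer; remembers it and builds the reply.
    Reply OnUserDecision(int priv_data, const Fingerprint& fp, bool trust) {
        for (auto it = pending.begin(); it != pending.end(); ++it) {
            if (*it != priv_data) continue;
            pending.erase(it);
            (trust ? pinned : rejected).insert(fp);
            return {priv_data, SSL_VERIFY_CERT, trust ? 1 : 0, true};
        }
        return {0, 0, 0, false};  // not a deferred request: send nothing
    }
};

int main() {  // constructed sample: an unknown certificate is deferred
    TrustStore store;
    CertData cert{Fingerprint{}, 7};
    return store.OnVerifyCert(cert) == 2 ? 0 : 1;
}
```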

Be careful when closing the connection after sending data: not all data may have been sent yet. Before closing the connection, you should call Shutdown() and wait for the SSL_INFO_SHUTDOWNCOMPLETE notification. This ensures that all encrypted data really has been sent.