SourcePro® API Reference Guide

 
List of all members | Public Member Functions | Related Functions
RWSecureSocket Class Reference

Represents a TCP socket using the SSL/TLS protocols for secure communication. More...

#include <rw/secsock/RWSecureSocket.h>

Inherited by RWSecureSocketPortalImp.

Public Member Functions

 RWSecureSocket (void)
 
 RWSecureSocket (const RWSockType &type)
 
 RWSecureSocket (const RWSecureSocketContext &context)
 
 RWSecureSocket (const RWSecureSocketContext &context, const RWSockType &type)
 
 RWSecureSocket (const RWSocket &sock, const RWSecureSocketContext &context, const RWSecureSocketSession &session)
 
 RWSecureSocket (const RWSecureSocketContext &context, const RWSecureSocketSession &session)
 
 RWSecureSocket (const RWSecureSocket &second)
 
 ~RWSecureSocket (void)
 
RWSecureSocket accept (RWSockAddr *addr=0) const
 
void bind (const RWSockAddrBase &address)
 
void bind (const RWSockAddrBase &address, const RWSecureSocketContext &context)
 
bool checkPrivateKey (void) const
 
void close (void)
 
void closesocket (void)
 
void connect (const RWSockAddrBase &addr)
 
void connect (const RWSockAddrBase &addr, const RWSecureSocketSession &session)
 
void connect (const RWSockAddrBase &addr, const RWSecureSocketContext &context)
 
void connect (const RWSockAddrBase &addr, const RWSecureSocketSession &session, const RWSecureSocketContext &context)
 
RWX509Certificate getCertificate (void) const
 
RWSecureSocketConnectionRep getConnection (void) const
 
const RWSecureSocketContextgetContext (void) const
 
RWInfoCallback getInfoCallback (void) const
 
RWX509Certificate getPeerCertificate (void) const
 
RWSockAddr getpeername (void) const
 
RWSecureSocketSession getSession (void) const
 
RWSSLShutdownMode getShutdownMode (void) const
 
SOCKET getSocket (void) const
 
RWSockAddr getsockname (void) const
 
void getsockopt (int level, int option, void *optval, RWSockLenType *optlen) const
 
int getsockopt (int option) const
 
RWCString id (unsigned level=0) const
 
void ioctl (long cmd, void *arg) const
 
void ioctl (long cmd, int arg) const
 
int ioctl (long cmd) const
 
void ioctlsocket (long cmd, void *arg) const
 
void ioctlsocket (long cmd, int arg) const
 
int ioctlsocket (long cmd) const
 
bool isValid (void) const
 
void listen (const RWSockAddrBase &addr, int backlog=5)
 
void listen (const RWSockAddrBase &addr, const RWSecureSocketContext &context, int backlog=5)
 
void listen (int backlog=5) const
 
bool operator< (const RWSecureSocket &s) const
 
RWSecureSocketoperator= (const RWSecureSocket &second)
 
bool operator== (const RWSecureSocket &s) const
 
RWNetBuf recv (int flags=0) const
 
int recv (char *buf, int len, int flags=0, RWNetBuf::State *state=0) const
 
RWNetBuf recvAtLeast (int n) const
 
int recvAtLeast (char *buf, int len, int n, RWNetBuf::State *s=0) const
 
int send (const RWCString &buf) const
 
int send (const char *buf, int len) const
 
void sendAtLeast (const RWCString &buf) const
 
int sendAtLeast (const RWCString &buf, int n) const
 
void sendAtLeast (const char *buf, int n) const
 
int sendAtLeast (const char *buf, int bufLen, int n) const
 
void setCertificate (const RWX509Certificate &cert)
 
void setCertificateVerifyMode (int mode)
 
void setContext (const RWSecureSocketContext &context)
 
void setIdentity (const RWX509Certificate &cert, const RWPrivateKey &key)
 
void setInfoCallback (RWInfoCallback fun)
 
void setPrivateKey (const RWPrivateKey &pkey)
 
void setSession (const RWSecureSocketSession &session)
 
void setShutdownMode (RWSSLShutdownMode mode)
 
void setsockopt (int level, int option, void *optval, int optlen) const
 
void setsockopt (int option, int optval) const
 
void shutdown (void) const
 

Related Functions

(Note that these are not member functions.)

typedef void(* RWInfoCallback) (const SSL *conn, int what, int good)
 
typedef SSL * RWSecureSocketConnectionRep
 

Detailed Description

RWSecureSocket is an abstraction of a TCP socket using the SSL/TLS protocols for secure communication. It was designed to operate similarly to the non-secure RWSocket class.

Constructor & Destructor Documentation

RWSecureSocket::RWSecureSocket ( void  )
inline

Sets the socket to an invalid state. You must initialize the instance with a call to connect() or bind() before it can be used.

RWSecureSocket::RWSecureSocket ( const RWSockType type)
inline

Constructs the underlying socket given the provided socket type. The underlying context is not initialized. You must initialize it with a call to setContext(), or by calling an overload of connect() or bind() that takes an RWSecureSocketContext.

RWSecureSocket::RWSecureSocket ( const RWSecureSocketContext context)

Creates an RWSecureSocket from an existing secure socket context.

Exceptions
RWSecureSocketUnderlyingAllocationErrorThrown if the cryptographic library cannot allocate memory.
RWSecureSocket::RWSecureSocket ( const RWSecureSocketContext context,
const RWSockType type 
)

Creates an RWSecureSocket from an existing secure socket context, and initializes the underlying socket from the provided type.

RWSecureSocket::RWSecureSocket ( const RWSocket sock,
const RWSecureSocketContext context,
const RWSecureSocketSession session 
)

Creates an RWSecureSocket from an RWSocket and an RWSecureSocketSession. Assumes the socket is already connected. Closes the socket on error.

Note
sock should not be used directly after constructing an RWSecureSocket with it. If an error occurs while constructing the RWSecureSocket, the underlying socket will be closed.
Exceptions
RWSecureSocketUnderlyingAllocationErrorThrown if the cryptographic library cannot allocate memory.
RWSecureSocket::RWSecureSocket ( const RWSecureSocketContext context,
const RWSecureSocketSession session 
)

Creates an RWSecureSocket from an existing session and secure socket context.

Exceptions
RWSecureSocketUnderlyingAllocationErrorThrown if the cryptographic library cannot allocate memory.
RWSecureSocket::RWSecureSocket ( const RWSecureSocket second)

Performs a shallow copy – new memory is not allocated, only the pointer addresses are copied.

RWSecureSocket::~RWSecureSocket ( void  )

Destructor.

Member Function Documentation

RWSecureSocket RWSecureSocket::accept ( RWSockAddr addr = 0) const

Accepts a connection that is waiting at this socket. A queue for incoming connections must first be created using listen(). If addr is non-null, returns the peer's address in addr. You can also get the peer's address by calling getpeername() on the returned RWSecureSocket.

If the socket is set to block (the default), accept() blocks until a connection request arrives. If the socket is set to be non-blocking, accept() returns directly. If no connections were available, the returned socket is invalid and *addr is unchanged. Use isValid() to check the returned socket.

Exceptions
RWSecureSocketUnderlyingAllocationErrorThrown if the cryptographic library cannot allocate memory.
void RWSecureSocket::bind ( const RWSockAddrBase address)

Assigns an address to an as-yet unnamed socket. Used primarily by servers, which need to specify the port on which they wait for connections.

Note
When the bind() member function is invoked on an uninitialized socket, the function initializes the socket and sets the SO_REUSEADDR option on the socket. If you do not want this option to be set, call the RWSecureSocket(const RWSockType&) member function to initialize the socket before you invoke bind(). See section "Socket Security" under Chapter 8, "The Windows Socket Adapter" in the Essential Networking Module User's Guide for more information.
void RWSecureSocket::bind ( const RWSockAddrBase address,
const RWSecureSocketContext context 
)

Assigns an address to an as-yet unnamed socket. Used primarily by servers, which need to specify the port on which they wait for connections.

Note
When the bind() member function is invoked on an uninitialized socket, the function initializes the socket and sets the SO_REUSEADDR option on the socket. If you do not want this option to be set, call the RWSecureSocket(const RWSockType&) member function to initialize the socket before you invoke bind(). See section "Socket Security" under Chapter 8, "The Windows Socket Adapter" in the Essential Networking Module User's Guide for more information.
bool RWSecureSocket::checkPrivateKey ( void  ) const
inline

Checks that the certificate and the private key set against the SSL connection match. Returns true if the keys match, false otherwise.

void RWSecureSocket::close ( void  )

Terminates this connection and removes the socket. If an SSL connection was ever established, close() blocks until the SSL connection is shut down. The underlying socket is then set to an invalid state. If this is the only file descriptor in the process using this socket, the resources used to maintain the socket are deallocated and any unread data is discarded.

Exceptions
RWSocketErrorThrown if the underlying socket is not connected or does not refer to a valid socket.
RWSecureSocketShutdownErrorThrown if an error has occurred at the protocol level or a connection failure occurred.
RWSecureSocketErrorThrown if the underlying secure socket is not connected or does not refer to a valid secure socket.
void RWSecureSocket::closesocket ( void  )

Alias for close().

void RWSecureSocket::connect ( const RWSockAddrBase addr)

Connects this socket to the remote address addr, using context if specified, and attempting to reuse session if specified. If the socket has not been initialized, connect() initializes it.

Exceptions
RWSecureSocketUnderlyingAllocationErrorThrown if the cryptographic library cannot allocate memory.
Note
Any failure causes a bound socket to be closed.
void RWSecureSocket::connect ( const RWSockAddrBase addr,
const RWSecureSocketSession session 
)

Connects this socket to the remote address addr, using context if specified, and attempting to reuse session if specified. If the socket has not been initialized, connect() initializes it.

Exceptions
RWSecureSocketUnderlyingAllocationErrorThrown if the cryptographic library cannot allocate memory.
Note
Any failure causes a bound socket to be closed.
void RWSecureSocket::connect ( const RWSockAddrBase addr,
const RWSecureSocketContext context 
)

Connects this socket to the remote address addr, using context if specified, and attempting to reuse session if specified. If the socket has not been initialized, connect() initializes it.

Exceptions
RWSecureSocketUnderlyingAllocationErrorThrown if the cryptographic library cannot allocate memory.
Note
Any failure causes a bound socket to be closed.
void RWSecureSocket::connect ( const RWSockAddrBase addr,
const RWSecureSocketSession session,
const RWSecureSocketContext context 
)

Connects this socket to the remote address addr, using context if specified, and attempting to reuse session if specified. If the socket has not been initialized, connect() initializes it.

Exceptions
RWSecureSocketUnderlyingAllocationErrorThrown if the cryptographic library cannot allocate memory.
Note
Any failure causes a bound socket to be closed.
RWX509Certificate RWSecureSocket::getCertificate ( void  ) const

After establishing a connection, returns the certificate presented by the application at the other end of the SSL connection.

Exceptions
RWSecureSocketNullCertificateErrorThrown when the underlying function fails.
RWSecureSocketConnectionRep RWSecureSocket::getConnection ( void  ) const
inline

Returns the connection pointer.

const RWSecureSocketContext& RWSecureSocket::getContext ( void  ) const

Returns a reference to the context used to create the secure socket connection.

Exceptions
RWSecureSocketInvalidSocketErrorThrown when the socket is invalid.
RWInfoCallback RWSecureSocket::getInfoCallback ( void  ) const

Returns the current information callback for the current connection.

RWX509Certificate RWSecureSocket::getPeerCertificate ( void  ) const

If a connection is established, returns the certificate the peer is using. A peer certificate does not exist if the process is a server and is not performing client authentication.

Exceptions
RWSecureSocketNullCertificateErrorThrown when the underlying function fails.
RWSockAddr RWSecureSocket::getpeername ( void  ) const

Returns the address of the peer connected to this socket.

RWSecureSocketSession RWSecureSocket::getSession ( void  ) const

Returns one of the following:

  • If an SSL connection is active (connect has been called), getSession(), returns the active session associated with this RWSecureSocket.
    • TLSv1.3 sessions are not established until after main handshake. A valid session ticket is obtained by the client after recv() has been called.
  • If an SSL connection is not active and this RWSecureSocket has never been connected, getSession(), returns an invalid session.
  • If an SSL connection is not active but this RWSecureSocket has been connected before, getSession(), returns the session used for the previous connection.

Applications should check the returned RWSecureSocketSession for validity using RWSecureSocketSession::isValid().

RWSSLShutdownMode RWSecureSocket::getShutdownMode ( void  ) const

Gets the current shutdown mode for this RWSecureSocket.

SOCKET RWSecureSocket::getSocket ( void  ) const
inline

Returns the C API socket descriptor encapsulated by this RWSecureSocket.

RWSockAddr RWSecureSocket::getsockname ( void  ) const

Returns the address that the socket is bound to.

void RWSecureSocket::getsockopt ( int  level,
int  option,
void *  optval,
RWSockLenType optlen 
) const

Returns the socket option setting. The single-argument version is intended for the usual case, which is the SOL_SOCKET level and an integer option.

int RWSecureSocket::getsockopt ( int  option) const

Returns the socket option setting. The single-argument version is intended for the usual case, which is the SOL_SOCKET level and an integer option.

RWCString RWSecureSocket::id ( unsigned  level = 0) const

Returns a string identifying the local and (if applicable) foreign addresses of this socket. Increasing level increases the amount of detail in the output. The returned string format depends on the underlying address types.

void RWSecureSocket::ioctl ( long  cmd,
void *  arg 
) const

Gets or retrieves socket operating parameters.

void RWSecureSocket::ioctl ( long  cmd,
int  arg 
) const

Gets or retrieves socket operating parameters. This overload is useful for commands that expect an integer argument and return nothing (such as FIONBIO).

This function is commonly used to set blocking or non-blocking mode on a socket. To set a socket to non-blocking, use ioctl(FIONBIO,1). To set to blocking, use ioctl(FIONBIO,0).

Note
You can also use the global functions rwSetBlocking() and rwSetNonBlocking() to set the blocking mode on an RWSecureSocket.
int RWSecureSocket::ioctl ( long  cmd) const

Gets or sets socket operating parameters. This overload is useful for commands that return ints (like FIONREAD or SIOCATMARK).

void RWSecureSocket::ioctlsocket ( long  cmd,
void *  arg 
) const

Alias for ioctl().

void RWSecureSocket::ioctlsocket ( long  cmd,
int  arg 
) const

Alias for ioctl()

int RWSecureSocket::ioctlsocket ( long  cmd) const

Alias for ioctl()

bool RWSecureSocket::isValid ( void  ) const

Checks if the socket is ready for use. Returns true if ready, false if otherwise void.

void RWSecureSocket::listen ( const RWSockAddrBase addr,
int  backlog = 5 
)

Prepares a socket to accept incoming connections. The backlog parameter sets the number of incoming connection requests that the protocol software will enqueue while a connection is being processed.

Note
When the listen() member function is invoked on an uninitialized socket, the function initializes the socket and sets the SO_REUSEADDR option on the socket. If you do not want this option to be set, call the RWSecureSocket(const RWSockType&) member function to initialize the socket before you invoke listen(). See section "Socket Security" under Chapter 8, "The Windows Socket Adapter" in the Essential Networking Module User's Guide for more information.
void RWSecureSocket::listen ( const RWSockAddrBase addr,
const RWSecureSocketContext context,
int  backlog = 5 
)

Prepares a socket to accept incoming connections. The backlog parameter sets the number of incoming connection requests that the protocol software will enqueue while a connection is being processed.

Note
When the listen() member function is invoked on an uninitialized socket, the function initializes the socket and sets the SO_REUSEADDR option on the socket. If you do not want this option to be set, call the RWSecureSocket(const RWSockType&) member function to initialize the socket before you invoke listen(). See section "Socket Security" under Chapter 8, "The Windows Socket Adapter" in the Essential Networking Module User's Guide for more information.
void RWSecureSocket::listen ( int  backlog = 5) const

Prepares a bound socket to accept incoming connections. The backlog parameter sets the number of incoming connection requests that the protocol software will enqueue while a connection is being processed.

bool RWSecureSocket::operator< ( const RWSecureSocket s) const

Does nothing; declared but not defined. Causes a linker error if the call is attempted. Included to accommodate compilers that resolve all template instantiation at compile time.

RWSecureSocket& RWSecureSocket::operator= ( const RWSecureSocket second)

Assignment operator.

bool RWSecureSocket::operator== ( const RWSecureSocket s) const

Returns true if the two sockets refer to the same underlying communications channel.

RWNetBuf RWSecureSocket::recv ( int  flags = 0) const

Reads data from a connected socket. The flags parameter must be either 0 or MSG_PEEK; other flags do not apply to secure sockets.

The variant using an explicit buffer, or buf, returns the number of bytes actually received, which may be 0 for a non-blocking socket with no data waiting or for an end of file. The optional state parameter is set to RWNetBuf::eof when end of file is detected, RWNetBuf::normal otherwise. You must use this parameter to detect end of file when using an explicit buffer. You can only "return" in a return value, not a parameter.

Exceptions
RWSecureSocketErrorThrown if the flags parameter is set to something other than 0 or MSG_PEEK.
int RWSecureSocket::recv ( char *  buf,
int  len,
int  flags = 0,
RWNetBuf::State state = 0 
) const

Reads data from a connected socket. The flags parameter must be either 0 or MSG_PEEK; other flags do not apply to secure sockets.

The variant using an explicit buffer, or buf, returns the number of bytes actually received, which may be 0 for a non-blocking socket with no data waiting or for an end of file. The optional state parameter is set to RWNetBuf::eof when end of file is detected, RWNetBuf::normal otherwise. You must use this parameter to detect end of file when using an explicit buffer. You can only "return" in a return value, not a parameter.

Exceptions
RWSecureSocketErrorThrown if the flags parameter is set to something other than 0 or MSG_PEEK.
RWNetBuf RWSecureSocket::recvAtLeast ( int  n) const

Guaranteed either to receive n characters or throw an exception. This call is only valid for stream sockets. Implemented as a loop calling recv() until all data has been received. If an error is returned from the underlying recv() call, a RWSecureSocketError is thrown. If no data is read, a RWNetCantRecvError is thrown.

int RWSecureSocket::recvAtLeast ( char *  buf,
int  len,
int  n,
RWNetBuf::State s = 0 
) const

Guaranteed either to receive n characters or throw an exception. This call is only valid for stream sockets. Implemented as a loop calling recv() until all data has been received. If an error is returned from the underlying recv() call, a RWSecureSocketError is thrown. If no data is read, a RWNetCantRecvError is thrown.

int RWSecureSocket::send ( const RWCString buf) const

Sends data from a connected socket, and returns the number of bytes sent. The number of bytes is 0 if the socket is non-blocking and the internal buffer for the socket is full.

int RWSecureSocket::send ( const char *  buf,
int  len 
) const

Sends data from a connected socket, and returns the number of bytes sent. The number of bytes is 0 if the socket is non-blocking and the internal buffer for the socket is full.

void RWSecureSocket::sendAtLeast ( const RWCString buf) const

Guaranteed to send at least n characters or the entire buffer, if your application does not specify n. This call is only valid for stream sockets. Implemented as a loop calling send() to send the data.

int RWSecureSocket::sendAtLeast ( const RWCString buf,
int  n 
) const

Guaranteed to send at least n characters or the entire buffer, if your application does not specify n. This call is only valid for stream sockets. Implemented as a loop calling send() to send the data.

void RWSecureSocket::sendAtLeast ( const char *  buf,
int  n 
) const

Guaranteed to send at least n characters or the entire buffer, if your application does not specify n. This call is only valid for stream sockets. Implemented as a loop calling send() to send the data.

int RWSecureSocket::sendAtLeast ( const char *  buf,
int  bufLen,
int  n 
) const

Guaranteed to send at least n characters or the entire buffer, if your application does not specify n. This call is only valid for stream sockets. Implemented as a loop calling send() to send the data.

void RWSecureSocket::setCertificate ( const RWX509Certificate cert)

Binds a certificate to the secure socket connection. A certificate loaded via this function is used to identify the owner of the secure socket connection. The certificate must be loaded before the SSL connection can successfully respond to a certificate request.

Exceptions
RWSecureSocketUseCertificateErrorThrown when the underlying call fails.
Note
If the setCertificate() function is called before setPrivateKey(), the cryptographic library automatically compares the key and the certificate. If the key does not match the certificate, setPrivateKey() throws RWSecureSocketUsePrivateKeyError. This exception is not thrown if setPrivateKey() is called before setCertificate(), even if the key does not match the certificate. In any case, if the key does not match the certificate, checkPrivateKey() returns false.
void RWSecureSocket::setCertificateVerifyMode ( int  mode)

Sets the certificate verify mode. Options may be combined with the bitwise-or operator. Allowable values for the mode parameter are shown in the table below.

Value Description
SSL_VERIFY_NONE Ignores results of certificate verification (Not Recommended)
SSL_VERIFY_PEER Verify the other end of the connection
SSL_VERIFY_CLIENT_ONCE Ensures that when attempting to reuse a session, a client certificate will not be re-requested if one has previously been sent to the server.
SSL_VERIFY_FAIL_IF_NO_PEER_CERT Ensures that the verification fails if the peer does not provide a certificate. (This option is most often used by servers requesting client verification)
void RWSecureSocket::setContext ( const RWSecureSocketContext context)

Sets the secure socket context for the socket. A socket must be associated with a context before it can be used.

Exceptions
RWSecureSocketUnderlyingAllocationErrorThrown if the cryptographic library is unsuccessful in allocating memory.
void RWSecureSocket::setIdentity ( const RWX509Certificate cert,
const RWPrivateKey key 
)

A convenience function that should be used by the side of the SSL/TLS protocol that is being authenticated. Normally this function is called by the server. If client authentication is used, this function is also called by the client to establish its own identity. Calling setIdentity() is equivalent to calling setPrivateKey(pkey), setCertificate(cert), and checkPrivateKey().

Exceptions
RWCertificateKeyMismatchErrorThrown if checkPrivateKey() returns false.
void RWSecureSocket::setInfoCallback ( RWInfoCallback  fun)

Sets the current information callback for the current connection. For more information, see the Secure Communication Module User's Guide.

void RWSecureSocket::setPrivateKey ( const RWPrivateKey pkey)

Sets the private key to use for a given secure socket connection.

void RWSecureSocket::setSession ( const RWSecureSocketSession session)

Sets the current session.

void RWSecureSocket::setShutdownMode ( RWSSLShutdownMode  mode)

Sets the shutdown mode. When an SSL/TLS connection is about to be shut down and the shutdown mode is RWSSLShutdownMode::RW_SSL_SHUTDOWN_NORMAL (the default), the side of the protocol initiating the shutdown sends a CloseVerify message to its peer and waits for the peer to respond with a CloseVerify message.

See also
RWSSLShutdownMode.

Some SSL/TLS libraries incorrectly implement the shutdown protocol. To enable interoperability with these libraries, set the shutdown mode to RWSSLShutdownMode::RW_SSL_SHUTDOWN_QUIET. This mode instructs the libraries to ignore the CloseVerify portion of the protocol.

The shutdown mode set with this function applies to all sockets and portals created with this RWSecureSocket.

void RWSecureSocket::setsockopt ( int  level,
int  option,
void *  optval,
int  optlen 
) const

Sets a socket option setting. The two-argument function is intended for the usual case, which is the SOL_SOCKET level and an integer option.

void RWSecureSocket::setsockopt ( int  option,
int  optval 
) const

Sets a socket option setting. The two-argument function is intended for the usual case, which is the SOL_SOCKET level and an integer option.

void RWSecureSocket::shutdown ( void  ) const

Shuts down the SSL connection. The socket is not shut down or closed and resources are not deallocated. Use close() or closesocket() to deallocate these resources.

Exceptions
RWSocketErrorThrown if the underlying socket is not connected or does not refer to a valid socket.
RWSecureSocketShutdownErrorThrown if an error has occurred at the protocol level or a connection failure occurred.
RWSecureSocketErrorThrown if the underlying secure socket is not connected or does not refer to a valid secure socket.

Friends And Related Function Documentation

typedef void(* RWInfoCallback) (const SSL *conn, int what, int good)
related

A typedef for a callback function that is invoked during various stages of an SSL/TLS handshake.

Parameters
connThe secure socket connection.
whatThe current SSL protocol state.
goodThe condition of the connection within the given protocol state.
typedef SSL* RWSecureSocketConnectionRep
related

This is the internal secure socket connection representation.

Copyright © 2023 Rogue Wave Software, Inc., a Perforce company. All Rights Reserved.