Compilable C++ code to implement a secure SLL/TLS client using MS SSPI

Mike Trader picture Mike Trader · Jan 9, 2010 · Viewed 17.3k times · Source

As described here http://www.ddj.com/cpp/184401688

I do not have time to write this from scratch.

Asked and not answered https://stackoverflow.com/questions/434961/implementing-ssl

THE QUESTION IS:

I am looking for some compilable working source code that implements MS SSPI (as alluded to in the thread above), procedural not OOP preferred.

I have looked at the code projects sample here:

http://www.codeproject.com/KB/IP/sslclasses.aspx

But this is C# OOP. Converting this to C++ code is not trivial.

OpenSSL

SChannel calls follow GSS API standards. There are, of course, some alternatives -- OpenSSL for example. This package is a complete and thorough implementation of the protocol and for someone all too familiar with UNIX is undoubtedly the best choice. The package originally targeted the UNIX community and to compile it relies on the Perl runtime, so some learning curve is required for Windows developers who never worked with UNIX-type systems.

Apart from that, OpenSLL does some very non-standard things

Nikolai, Having contibuted a lot of COMPILABLE source code (www.coastrd.com) I was hoping to find someone willing to do the same.

Answer

Mike Trader picture Mike Trader · Jan 12, 2010

This SSPI SChannel SMTPS example should compile and run in Visual Studio 2008 as is

http://www.coastrd.com/c-schannel-smtp

SChannel is the Microsoft implementation of the GSS API that wraps the SSL/TLS protocol.

Advantages of utilizing SChannel:

  • gory details are shielded from the developer by the SSPI.
  • No extra setup is required to run the final application:
  • SChannel is an integral part of the operating system
  • On Windows ME/2000/XP/... platforms, SChannel is installed and configured by default
  • SChannel calls follow GSS API standards.
  • You do not need to create/install any certificates
  • no third party dll's (1MB or larger) to ship and install

The code should produce a session that looks like this:

----- SSPI Initialized
----- WinSock Initialized
----- Credentials Initialized
----- Connectd To Server
70 bytes of handshake data sent
974 bytes of handshake data received
182 bytes of handshake data sent
43 bytes of handshake data received
Handshake was successful
----- Client Handshake Performed
----- Server Credentials Authenticated

Server subject: C=US, S=California, L=Mountain View, O=Google Inc, CN=smtp.gmail.com
Server issuer: C=ZA, S=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, [email protected]

----- Certificate Chain Displayed
----- Server Certificate Verified
----- Server certificate context released

Protocol: TLS1
Cipher: RC4
Cipher strength: 128
Hash: MD5
Hash strength: 128
Key exchange: RSA
Key exchange strength: 1024
----- Secure Connection Info
64 bytes of (encrypted) application data received
Decrypted data: 43 bytes
220 mx.google.com ESMTP 6sm17740567yxg.66

Sending 7 bytes of plaintext:
EHLO

28 bytes of encrypted data sent
169 bytes of (encrypted) application data received
Decrypted data: 148 bytes
250-mx.google.com at your service, [22.33.111.222]
250-SIZE 35651584
250-8BITMIME
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250 PIPELINING

Sending 7 bytes of plaintext:
QUIT

28 bytes of encrypted data sent
69 bytes of (encrypted) application data received
Decrypted data: 48 bytes
221 2.0.0 closing connection 6sm17740567yxg.66

----- SMTP session Complete
Sending Close Notify
23 bytes of handshake data sent
----- Disconnected From Server
----- Begin Cleanup
----- All Done -----