| [/ |
| / Copyright (c) 2003-2010 Christopher M. Kohlhoff (chris at kohlhoff dot com) |
| / |
| / Distributed under the Boost Software License, Version 1.0. (See accompanying |
| / file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) |
| /] |
| |
| [section:ssl SSL] |
| |
| Boost.Asio contains classes and class templates for basic SSL support. These classes |
| allow encrypted communication to be layered on top of an existing stream, such |
| as a TCP socket. |
| |
| Before creating an encrypted stream, an application must construct an SSL |
| context object. This object is used to set SSL options such as verification |
| mode, certificate files, and so on. As an illustration, client-side |
| initialisation may look something like: |
| |
| ssl::context ctx(my_io_service, ssl::context::sslv23); |
| ctx.set_verify_mode(ssl::context::verify_peer); |
| ctx.load_verify_file("ca.pem"); |
| |
| To use SSL with a TCP socket, one may write: |
| |
| ssl::stream<ip::tcp::socket> ssl_sock(my_io_service, ctx); |
| |
| To perform socket-specific operations, such as establishing an outbound |
| connection or accepting an incoming one, the underlying socket must first be |
| obtained using the `ssl::stream` template's [link |
| boost_asio.reference.ssl__stream.lowest_layer `lowest_layer()`] member function: |
| |
| ip::tcp::socket::lowest_layer_type& sock = ssl_sock.lowest_layer(); |
| sock.connect(my_endpoint); |
| |
| In some use cases the underlying stream object will need to have a longer |
| lifetime than the SSL stream, in which case the template parameter should be a |
| reference to the stream type: |
| |
| ip::tcp::socket sock(my_io_service); |
| ssl::stream<ip::tcp::socket&> ssl_sock(sock, ctx); |
| |
| SSL handshaking must be performed prior to transmitting or receiving data over |
| an encrypted connection. This is accomplished using the `ssl::stream` |
| template's [link boost_asio.reference.ssl__stream.handshake handshake()] or |
| [link boost_asio.reference.ssl__stream.async_handshake async_handshake()] member |
| functions. |
| |
| Once connected, SSL stream objects are used as synchronous or asynchronous read |
| and write streams. This means the objects can be used with any of the [link |
| boost_asio.reference.read read()], [link boost_asio.reference.async_read async_read()], |
| [link boost_asio.reference.write write()], [link boost_asio.reference.async_write |
| async_write()], [link boost_asio.reference.read_until read_until()] or [link |
| boost_asio.reference.async_read_until async_read_until()] free functions. |
| |
| [heading See Also] |
| |
| [link boost_asio.reference.ssl__basic_context ssl::basic_context], |
| [link boost_asio.reference.ssl__context ssl::context], |
| [link boost_asio.reference.ssl__context_base ssl::context_base], |
| [link boost_asio.reference.ssl__context_service ssl::context_service], |
| [link boost_asio.reference.ssl__stream ssl::stream], |
| [link boost_asio.reference.ssl__stream_base ssl::stream_base], |
| [link boost_asio.reference.ssl__stream_service ssl::stream_service], |
| [link boost_asio.examples.ssl SSL example]. |
| |
| [heading Notes] |
| |
| [@http://www.openssl.org OpenSSL] is required to make use of Boost.Asio's SSL |
| support. When an application needs to use OpenSSL functionality that is not |
| wrapped by Boost.Asio, the underlying OpenSSL types may be obtained by calling [link |
| boost_asio.reference.ssl__basic_context.impl `ssl::context::impl()`] or [link |
| boost_asio.reference.ssl__stream.impl `ssl::stream::impl()`]. |
| |
| [endsect] |