|
||
class CSecureSocket : public CBase;
Secure sockets class.
CBase
-
Base class for all classes to be instantiated on the heap.
CSecureSocket
- Secure sockets class.
Defined in CSecureSocket
:
AvailableCipherSuites(TDes8 &)
Gets the available cipher suites.CancelAll()
Cancels all the send and receive actions in the SSL state machine. CancelHandshake()
Cancels the handshake. CancelRecv()
Cancels a receive action in the SSL state machine. CancelSend()
Cancels a send action in the SSL state machine. ClientCert()
Gets the current client certificate.ClientCertMode()
Gets the current client certificate mode.Close()
Closes the secure connection and the socket.CurrentCipherSuite(TDes8 &)
Gets the current cipher suite in use.DialogMode()
Gets the current dialog mode.FlushSessionCache()
Flushes the session cache. GetOpt(TUint,TUint,TDes8 &)
Gets an option.GetOpt(TUint,TUint,TInt &)
Gets an option.NewL(MGenericSecureSocket &,const TDesC &)
Creates and returns a pointer to a new secure socket.NewL(RSocket &,const TDesC &)
Creates and returns a pointer to a new secure socket.Protocol(TDes &)
Gets the protocol in use.Recv(TDes8 &,TRequestStatus &)
Receives data from the socket.RecvOneOrMore(TDes8 &,TRequestStatus &,TSockXfrLength &)
Receives data from the socket.RenegotiateHandshake(TRequestStatus &)
Initiates a renegotiation of the secure connection.Send(const TDesC8 &,TRequestStatus &)
Sends data over the socket.Send(const TDesC8 &,TRequestStatus &,TSockXfrLength &)
Sends data over the socket.ServerCert()
Gets the current server certificate.SetAvailableCipherSuites(const TDesC8 &)
Sets the list of cipher suites that are available for use.SetClientCert(const CX509Certificate &)
Sets the client certificate to use.SetClientCertMode(const TClientCertMode)
Sets the client certificate mode.SetDialogMode(const TDialogMode)
Sets the Dialog mode.SetOpt(TUint,TUint,TInt)
Sets an option.SetOpt(TUint,TUint,const TDesC8 &)
Sets an option.SetProtocol(const TDesC &)
Sets the protocolSetServerCert(const CX509Certificate &)
Sets the server X.509 certificate.StartClientHandshake(TRequestStatus &)
Starts the client handshake.StartServerHandshake(TRequestStatus &)
Starts the server handshake.Inherited from CBase
:
Delete(CBase *)
Deletes the specified object.Extension_(TUint,TAny *&,TAny *)
Extension function operator new(TUint)
Allocates the object from the heap and then initialises its contents to binary z...operator new(TUint,TAny *)
Initialises the object to binary zeroes.operator new(TUint,TLeave)
Allocates the object from the heap and then initialises its contents to binary z...operator new(TUint,TLeave,TUint)
Allocates the object from the heap and then initialises its contents to binary z...operator new(TUint,TUint)
Allocates the object from the heap and then initialises its contents to binary z...IMPORT_C static CSecureSocket* NewL(RSocket &aSocket, const TDesC &aProtocol);
Creates and returns a pointer to a new secure socket.
A reference to an already open and connected socket should be passed in, along with a descriptor that contains the protocol name.
|
|
IMPORT_C static CSecureSocket* NewL(MGenericSecureSocket &aSocket, const TDesC &aProtocol);
Creates and returns a pointer to a new secure socket.
A reference to a socket derived from MGenericSecureSocket
should be passed in, along with a descriptor that contains the protocol name.
|
|
IMPORT_C TInt AvailableCipherSuites(TDes8 &aCiphers);
Gets the available cipher suites.
Note that ciphersuites using NULL encryption or PSK key exchange will not be included unless they have been enabled via SetOpt.
|
|
IMPORT_C void CancelAll();
Cancels all the send and receive actions in the SSL state machine.
IMPORT_C const CX509Certificate* ClientCert();
Gets the current client certificate.
When a secure socket is acting in server mode, the returned certificate will be the certificate that the remote client provided. When acting in client mode, the certificate returned will be local certificate.
|
IMPORT_C TClientCertMode ClientCertMode();
Gets the current client certificate mode.
The client certificate mode is used when the socket is acting as a server, and determines whether a client certificate is requested.
|
IMPORT_C TDialogMode DialogMode();
Gets the current dialog mode.
|
IMPORT_C void Close();
Closes the secure connection and the socket.
Implementations should terminate the secure connection gracefully as appropriate to their protocol. The RSocket
object is not destoyed: this is left to the client application.
IMPORT_C TInt CurrentCipherSuite(TDes8 &aCipherSuite);
Gets the current cipher suite in use.
The current cipher suite is returned in the referenced buffer in two byte format as, i.e. [0x??][0x??].
|
|
IMPORT_C TInt GetOpt(TUint aOptionName, TUint aOptionLevel, TDes8 &aOption);
Gets an option.
Secure socket implementations may provide options that can be used with this function.
(nb. Getting the KSoServerNameIndication option is not supported).
|
|
IMPORT_C TInt GetOpt(TUint aOptionName, TUint aOptionLevel, TInt &aOption);
Gets an option.
Secure socket implementations may provide options that can be used with this method.
(nb. Getting the KSoServerNameIndication option is not supported).
|
|
IMPORT_C TInt Protocol(TDes &aProtocol);
Gets the protocol in use.
This
method can be used to return the particular protocol/version that is being used by implementations that support different
protocols/versions.
|
|
IMPORT_C void Recv(TDes8 &aDesc, TRequestStatus &aStatus);
Receives data from the socket.
This
is an asynchronous function, and completes when the descriptor has been filled. Only one CSecureSocket::Recv(TDes8 &,TRequestStatus &)
or CSecureSocket::RecvOneOrMore(TDes8 &,TRequestStatus &,TSockXfrLength &)
operation can be outstanding at any time.
|
IMPORT_C void RecvOneOrMore(TDes8 &aDesc, TRequestStatus &aStatus, TSockXfrLength &aLen);
Receives data from the socket.
This
is an asynchronous function, and will complete when at least one byte has been read. Only one CSecureSocket::Recv(TDes8 &,TRequestStatus &)
or CSecureSocket::RecvOneOrMore(TDes8 &,TRequestStatus &,TSockXfrLength &)
operation can be outstanding at any time.
|
IMPORT_C void RenegotiateHandshake(TRequestStatus &aStatus);
Initiates a renegotiation of the secure connection.
This
is an asynchronous function that completes when renegotiation is complete. It is valid for both client and server operation.
There can only be one outstanding CSecureSocket::RenegotiateHandshake(TRequestStatus &)
operation at a time.
|
IMPORT_C void Send(const TDesC8 &aDesc, TRequestStatus &aStatus, TSockXfrLength &aLen);
Sends data over the socket.
This
is an asynchronous function. Only one CSecureSocket::Send(const TDesC8 &,TRequestStatus &,TSockXfrLength &)
operation can be outstanding at any time.
|
IMPORT_C void Send(const TDesC8 &aDesc, TRequestStatus &aStatus);
Sends data over the socket.
This
is an asynchronous function. Only one CSecureSocket::Send(const TDesC8 &,TRequestStatus &,TSockXfrLength &)
operation can be outstanding at any time, and the function will complete with the error KErrNotReady if called when a send
is still outstanding.
|
IMPORT_C const CX509Certificate* ServerCert();
Gets the current server certificate.
When a secure socket is acting in client mode, the returned certificate will be the certificate for the remote server. When acting in server mode, the certificate returned will be the local certificate.
Note that the operation in server mode is currently reserved for future use, and returns NULL.
|
IMPORT_C TInt SetAvailableCipherSuites(const TDesC8 &aCiphers);
Sets the list of cipher suites that are available for use.
The list of cipher suites should be supplied in a descriptor in the format as per the TLS RFC, i.e. [0x??][0x??] for each suite. The order of suites is important, and so they should be listed with the preferred suites first.
Note that ciphersuites using NULL encryption or PSK key exchange will be considered unsupported unless these features have been enabled via SetOpt.
Unsupported ciphersuites are silently ignored except that if the list becomes empty KErrNotSupported will be returned.
|
|
IMPORT_C TInt SetClientCert(const CX509Certificate &aCert);
Sets the client certificate to use.
When a secure socket is acting in client mode, this method will set the certificate that will be used if a server requests one. When acting in server mode, if called this method will perform no action, but will return KErrNotSupported.
Note that this method is currently reserved for future use, and always returns KErrNotSupported.
|
|
IMPORT_C TInt SetClientCertMode(const TClientCertMode aClientCertMode);
Sets the client certificate mode.
|
|
IMPORT_C TInt SetDialogMode(const TDialogMode aDialogMode);
Sets the Dialog mode.
|
|
IMPORT_C TInt SetProtocol(const TDesC &aProtocol);
Sets the protocol
|
|
IMPORT_C TInt SetOpt(TUint aOptionName, TUint aOptionLevel, const TDesC8 &aOption=TPtrC8(0,0));
Sets an option.
SecureSocket implementations may provide options that can be used with this method. See individual implementation notes for details.
In order for full verification of the Server certificate during handshake negotiation the domain name must be set. This
is done using the option KSoSSLDomainName, with the option level KSolInetSSL.
In order to use a TLS PSK ciphersuite the user must use the the option KSoPskConfig, with the option level KSolInetSSL. The
aOption argument should be a TPckgBuf<MSoPskKeyHandler *>. This
passes in a pointer to an object which implements the MSoPskKeyHandler
interface to decide which PSK identity and value the client wishes to use to secure the connection. See MSoPskKeyHandler
for further details. If the MSoPskKeyHandler
is NULL then PSK ciphersuites will be disabled again. If you specified an exact list of ciphersuites (by calling SetAvailableCipherSuites)
you must update that list to exclude PSK ciphersuites.
The option KSoServerNameIndication, with the option level KSolInetSSL can be used to include the RFC3546 server name indication
in the ClientHello sent to the server. This
can be used to facilitate secure connections to servers that host multiple 'virtual' servers at a single underlying network
address. The aOption argument should be a TPckgBuf<CDesC8Array *>, ownership is passed in. One or more UTF-8 FQDNs can be
supplied. Neither trailing dots nor numeric IP addresses should be used.
|
|
IMPORT_C TInt SetOpt(TUint aOptionName, TUint aOptionLevel, TInt aOption);
Sets an option.
SecureSocket implementations may provide options that can be used with this method. See individual implementation notes for details.
By default the TLS_RSA_WITH_NULL_MD5 and TLS_RSA_WITH_NULL_SHA ciphersuites are disabled. These ciphersuites use NULL encryption and therefore offer no protection against evesdropping. Server authentication (and client, if a client certificate is used) is performed and data integrity is still checked (nb. TLS_NULL_WITH_NULL_NULL is never supported). In order to these ciphersuites the user must use the the option KSoEnableNullCiphers, with the option level KSolInetSSL and a non-zero argument. Using an argument of zero will disable them.
|
|
IMPORT_C TInt SetServerCert(const CX509Certificate &aCert);
Sets the server X.509 certificate.
|
|
IMPORT_C void StartClientHandshake(TRequestStatus &aStatus);
Starts the client handshake.
|
IMPORT_C void StartServerHandshake(TRequestStatus &aStatus);
Starts the server handshake.
|