Symbian
Symbian Developer Library

SYMBIAN OS V9.4

Feedback

[Index] [Previous] [Next]

#include <SecureSocket.h>
Link against: securesocket.lib

Class CSecureSocket

class CSecureSocket : public CBase;

Description

Secure sockets class.

Derivation

Members

Defined in CSecureSocket:

Inherited from CBase:


Construction and destruction


NewL(RSocket &,const TDesC &)

IMPORT_C static CSecureSocket* NewL(RSocket &aSocket, const TDesC &aProtocol);

Description

Creates and returns a pointer to a new secure socket.

A reference to an already open and connected socket should be passed in, along with a descriptor that contains the protocol name.

Parameters

RSocket &aSocket

A reference to an open and connected RSocket object.

const TDesC16 &aProtocol

A constant descriptor containing the protocol name.

Return value

CSecureSocket *

A pointer to the newly created secure socket, or NULL if the creation failed.


NewL(MGenericSecureSocket &,const TDesC &)

IMPORT_C static CSecureSocket* NewL(MGenericSecureSocket &aSocket, const TDesC &aProtocol);

Description

Creates and returns a pointer to a new secure socket.

A reference to a socket derived from MGenericSecureSocket should be passed in, along with a descriptor that contains the protocol name.

Parameters

MGenericSecureSocket &aSocket

A reference to an MGenericSecureSocket derived object.

const TDesC16 &aProtocol

A constant descriptor containing the protocol name.

Return value

CSecureSocket *

A pointer to the newly created secure socket, or NULL if the creation failed.

[Top]


Member functions


AvailableCipherSuites(TDes8 &)

IMPORT_C TInt AvailableCipherSuites(TDes8 &aCiphers);

Description

Gets the available cipher suites.

Note that ciphersuites using NULL encryption or PSK key exchange will not be included unless they have been enabled via SetOpt.

Parameters

TDes8 &aCiphers

Descriptor holding the ciphers.

Return value

TInt

KErrNone if successful, a system-wide error code if not.


CancelAll()

IMPORT_C void CancelAll();

Description

Cancels all the send and receive actions in the SSL state machine.


CancelHandshake()

IMPORT_C void CancelHandshake();

Description

Cancels the handshake.


CancelRecv()

IMPORT_C void CancelRecv();

Description

Cancels a receive action in the SSL state machine.


CancelSend()

IMPORT_C void CancelSend();

Description

Cancels a send action in the SSL state machine.


ClientCert()

IMPORT_C const CX509Certificate* ClientCert();

Description

Gets the current client certificate.

When a secure socket is acting in server mode, the returned certificate will be the certificate that the remote client provided. When acting in client mode, the certificate returned will be local certificate.

Return value

const CX509Certificate *

A pointer to the client certificate, or NULL if none exists.


ClientCertMode()

IMPORT_C TClientCertMode ClientCertMode();

Description

Gets the current client certificate mode.

The client certificate mode is used when the socket is acting as a server, and determines whether a client certificate is requested.

Return value

TClientCertMode

The current mode that is set.


DialogMode()

IMPORT_C TDialogMode DialogMode();

Description

Gets the current dialog mode.

Return value

TDialogMode

The current dialog mode.


Close()

IMPORT_C void Close();

Description

Closes the secure connection and the socket.

Implementations should terminate the secure connection gracefully as appropriate to their protocol. The RSocket object is not destoyed: this is left to the client application.


CurrentCipherSuite(TDes8 &)

IMPORT_C TInt CurrentCipherSuite(TDes8 &aCipherSuite);

Description

Gets the current cipher suite in use.

The current cipher suite is returned in the referenced buffer in two byte format as, i.e. [0x??][0x??].

Parameters

TDes8 &aCipherSuite

A reference to a descriptor at least 2 bytes long. Implementations that differ from the [0x??][0x??] format may require larger descriptors. See individual implementation notes for details.

Return value

TInt

KErrNone if successful; otherwise, another of the system-wide error codes.


FlushSessionCache()

IMPORT_C void FlushSessionCache();

Description

Flushes the session cache.


GetOpt(TUint,TUint,TDes8 &)

IMPORT_C TInt GetOpt(TUint aOptionName, TUint aOptionLevel, TDes8 &aOption);

Description

Gets an option.

Secure socket implementations may provide options that can be used with this function.

(nb. Getting the KSoServerNameIndication option is not supported).

Parameters

TUint aOptionName

An integer constant which identifies an option.

TUint aOptionLevel

An integer constant which identifies the level of an option, i.e. an option level group of related options.

TDes8 &aOption

An option value packaged in a descriptor.

Return value

TInt

KErrNone if successful; otherwise, another of the system-wide error codes.


GetOpt(TUint,TUint,TInt &)

IMPORT_C TInt GetOpt(TUint aOptionName, TUint aOptionLevel, TInt &aOption);

Description

Gets an option.

Secure socket implementations may provide options that can be used with this method.

(nb. Getting the KSoServerNameIndication option is not supported).

Parameters

TUint aOptionName

An integer constant which identifies an option.

TUint aOptionLevel

An integer constant which identifies the level of an option, i.e. an option level group of related options.

TInt &aOption

An integer option value.

Return value

TInt

KErrNone if successful; otherwise, another of the system-wide error codes.


Protocol(TDes &)

IMPORT_C TInt Protocol(TDes &aProtocol);

Description

Gets the protocol in use.

This method can be used to return the particular protocol/version that is being used by implementations that support different protocols/versions.

Parameters

TDes16 &aProtocol

A descriptor containing the protocol name/version that is being used. Protocol names can be up to 32 characters long, and so a descriptor of at least that size is required.

Return value

TInt

KErrNone


Recv(TDes8 &,TRequestStatus &)

IMPORT_C void Recv(TDes8 &aDesc, TRequestStatus &aStatus);

Description

Receives data from the socket.

This is an asynchronous function, and completes when the descriptor has been filled. Only one CSecureSocket::Recv(TDes8 &,TRequestStatus &) or CSecureSocket::RecvOneOrMore(TDes8 &,TRequestStatus &,TSockXfrLength &) operation can be outstanding at any time.

Parameters

TDes8 &aDesc

A descriptor where data read will be placed.

TRequestStatus &aStatus

On completion, KErrNone if successful; KErrEof if a remote connection is closed and there is no more data; KErrNotReady if called when an operation is still outstanding; or another system-wide error code.


RecvOneOrMore(TDes8 &,TRequestStatus &,TSockXfrLength &)

IMPORT_C void RecvOneOrMore(TDes8 &aDesc, TRequestStatus &aStatus, TSockXfrLength &aLen);

Description

Receives data from the socket.

This is an asynchronous function, and will complete when at least one byte has been read. Only one CSecureSocket::Recv(TDes8 &,TRequestStatus &) or CSecureSocket::RecvOneOrMore(TDes8 &,TRequestStatus &,TSockXfrLength &) operation can be outstanding at any time.

Parameters

TDes8 &aDesc

A descriptor where data read will be placed.

TRequestStatus &aStatus

On completion, KErrNone if successful; KErrEof if a remote connection is closed and there is no more data; KErrNotReady if called when an operation is still outstanding; or another system-wide error code.

TPckgBuf &aLen

On completion, the length of the descriptor, aDesc.


RenegotiateHandshake(TRequestStatus &)

IMPORT_C void RenegotiateHandshake(TRequestStatus &aStatus);

Description

Initiates a renegotiation of the secure connection.

This is an asynchronous function that completes when renegotiation is complete. It is valid for both client and server operation. There can only be one outstanding CSecureSocket::RenegotiateHandshake(TRequestStatus &) operation at a time.

Parameters

TRequestStatus &aStatus

On completion, KErrNone if successful; KErrNotReady if called when an operation is still outstanding; or another system-wide error code.


Send(const TDesC8 &,TRequestStatus &,TSockXfrLength &)

IMPORT_C void Send(const TDesC8 &aDesc, TRequestStatus &aStatus, TSockXfrLength &aLen);

Description

Sends data over the socket.

This is an asynchronous function. Only one CSecureSocket::Send(const TDesC8 &,TRequestStatus &,TSockXfrLength &) operation can be outstanding at any time.

Parameters

const TDesC8 &aDesc

A constant descriptor with the data to be send.

TRequestStatus &aStatus

On completion, KErrNone if successful; KErrNotReady if called when an operation is still outstanding; or another system-wise error code.

TPckgBuf &aLen

On completion, the amount of data sent.


Send(const TDesC8 &,TRequestStatus &)

IMPORT_C void Send(const TDesC8 &aDesc, TRequestStatus &aStatus);

Description

Sends data over the socket.

This is an asynchronous function. Only one CSecureSocket::Send(const TDesC8 &,TRequestStatus &,TSockXfrLength &) operation can be outstanding at any time, and the function will complete with the error KErrNotReady if called when a send is still outstanding.

Parameters

const TDesC8 &aDesc

A constant descriptor. The application must not modify this descriptor until the CSecureSocket::Send(const TDesC8 &,TRequestStatus &,TSockXfrLength &) completes.

TRequestStatus &aStatus

On completion, KErrNone; KErrNotReady if called when a send is still outstanding, if successful; or another system-wide error code.


ServerCert()

IMPORT_C const CX509Certificate* ServerCert();

Description

Gets the current server certificate.

When a secure socket is acting in client mode, the returned certificate will be the certificate for the remote server. When acting in server mode, the certificate returned will be the local certificate.

Note that the operation in server mode is currently reserved for future use, and returns NULL.

Return value

const CX509Certificate *

Pointer to the certificate, or NULL if no certificate is available.


SetAvailableCipherSuites(const TDesC8 &)

IMPORT_C TInt SetAvailableCipherSuites(const TDesC8 &aCiphers);

Description

Sets the list of cipher suites that are available for use.

The list of cipher suites should be supplied in a descriptor in the format as per the TLS RFC, i.e. [0x??][0x??] for each suite. The order of suites is important, and so they should be listed with the preferred suites first.

Note that ciphersuites using NULL encryption or PSK key exchange will be considered unsupported unless these features have been enabled via SetOpt.

Unsupported ciphersuites are silently ignored except that if the list becomes empty KErrNotSupported will be returned.

Parameters

const TDesC8 &aCiphers

Descriptor holding the cipher suites list.

Return value

TInt

KErrNone if successful; otherwise, a system-wide error code.


SetClientCert(const CX509Certificate &)

IMPORT_C TInt SetClientCert(const CX509Certificate &aCert);

Description

Sets the client certificate to use.

When a secure socket is acting in client mode, this method will set the certificate that will be used if a server requests one. When acting in server mode, if called this method will perform no action, but will return KErrNotSupported.

Note that this method is currently reserved for future use, and always returns KErrNotSupported.

Parameters

const CX509Certificate &aCert

The client certificate.

Return value

TInt

KErrNone if successful; otherwise, a system-wide error code.


SetClientCertMode(const TClientCertMode)

IMPORT_C TInt SetClientCertMode(const TClientCertMode aClientCertMode);

Description

Sets the client certificate mode.

Parameters

const TClientCertMode aClientCertMode

The client certificate mode to set.

Return value

TInt

KErrNone if successful; otherwise, a system-wide error code.


SetDialogMode(const TDialogMode)

IMPORT_C TInt SetDialogMode(const TDialogMode aDialogMode);

Description

Sets the Dialog mode.

Parameters

const TDialogMode aDialogMode

Dialog mode to set.

Return value

TInt

KErrNone if successful, otherwise, a system-wide error code.


SetProtocol(const TDesC &)

IMPORT_C TInt SetProtocol(const TDesC &aProtocol);

Description

Sets the protocol

Parameters

const TDesC16 &aProtocol

Descriptor holding the protocol name to be set, e.g. "SSL3.0" or "TLS1.0".

Return value

TInt

KErrNone if successful, or KErrNotSupported if the protocol in the descriptor isn't recognized.


SetOpt(TUint,TUint,const TDesC8 &)

IMPORT_C TInt SetOpt(TUint aOptionName, TUint aOptionLevel, const TDesC8 &aOption=TPtrC8(0,0));

Description

Sets an option.

SecureSocket implementations may provide options that can be used with this method. See individual implementation notes for details.

In order for full verification of the Server certificate during handshake negotiation the domain name must be set. This is done using the option KSoSSLDomainName, with the option level KSolInetSSL.

In order to use a TLS PSK ciphersuite the user must use the the option KSoPskConfig, with the option level KSolInetSSL. The aOption argument should be a TPckgBuf<MSoPskKeyHandler *>. This passes in a pointer to an object which implements the MSoPskKeyHandler interface to decide which PSK identity and value the client wishes to use to secure the connection. See MSoPskKeyHandler for further details. If the MSoPskKeyHandler is NULL then PSK ciphersuites will be disabled again. If you specified an exact list of ciphersuites (by calling SetAvailableCipherSuites) you must update that list to exclude PSK ciphersuites.

The option KSoServerNameIndication, with the option level KSolInetSSL can be used to include the RFC3546 server name indication in the ClientHello sent to the server. This can be used to facilitate secure connections to servers that host multiple 'virtual' servers at a single underlying network address. The aOption argument should be a TPckgBuf<CDesC8Array *>, ownership is passed in. One or more UTF-8 FQDNs can be supplied. Neither trailing dots nor numeric IP addresses should be used.

Parameters

TUint aOptionName

An integer constant which identifies an option.

TUint aOptionLevel

An integer constant which identifies the level of an option: i.e. an option level group of related options.

const TDesC8 &aOption

An option value packaged in a descriptor.

Return value

TInt

KErrNone if successful; otherwise, a system-wide error code.


SetOpt(TUint,TUint,TInt)

IMPORT_C TInt SetOpt(TUint aOptionName, TUint aOptionLevel, TInt aOption);

Description

Sets an option.

SecureSocket implementations may provide options that can be used with this method. See individual implementation notes for details.

By default the TLS_RSA_WITH_NULL_MD5 and TLS_RSA_WITH_NULL_SHA ciphersuites are disabled. These ciphersuites use NULL encryption and therefore offer no protection against evesdropping. Server authentication (and client, if a client certificate is used) is performed and data integrity is still checked (nb. TLS_NULL_WITH_NULL_NULL is never supported). In order to these ciphersuites the user must use the the option KSoEnableNullCiphers, with the option level KSolInetSSL and a non-zero argument. Using an argument of zero will disable them.

Parameters

TUint aOptionName

An integer constant which identifies an option.

TUint aOptionLevel

An integer constant which identifies the level of an option: i.e. an option level group of related options.

TInt aOption

An option value as an integer .

Return value

TInt

KErrNone if successful; otherwise, a system-wide error code.


SetServerCert(const CX509Certificate &)

IMPORT_C TInt SetServerCert(const CX509Certificate &aCert);

Description

Sets the server X.509 certificate.

Parameters

const CX509Certificate &aCert

The certificate to use.

Return value

TInt

KErrNone if successful; otherwise, a system-wide error code.


StartClientHandshake(TRequestStatus &)

IMPORT_C void StartClientHandshake(TRequestStatus &aStatus);

Description

Starts the client handshake.

Parameters

TRequestStatus &aStatus

On completion, KErrNone if successful; otherwise, a system-wide error code.


StartServerHandshake(TRequestStatus &)

IMPORT_C void StartServerHandshake(TRequestStatus &aStatus);

Description

Starts the server handshake.

Parameters

TRequestStatus &aStatus

On completion, KErrNone if successful; otherwise, a system-wide error code.