| class CSecureSocket : public CBase |
Secure sockets class.
| Private Member Functions | |
|---|---|
| void | ConstructL ( RSocket &, const TDesC &) |
| void | ConstructL ( MGenericSecureSocket &, const TDesC &) |
| Private Attributes | |
|---|---|
| MSecureSocket * | iSecureImplementation |
| TUint | iSecureSocketState |
| TInt | iUNUSED |
| IMPORT_C TInt | AvailableCipherSuites | ( | TDes8 & | aCiphers | ) |
Gets the available cipher suites.
Note that ciphersuites using NULL encryption or PSK key exchange will not be included unless they have been enabled via SetOpt.
| TDes8 & aCiphers | Descriptor holding the ciphers. |
| IMPORT_C void | CancelAll | ( | ) |
Cancels all the send and receive actions in the SSL state machine.
| IMPORT_C const CX509Certificate * | ClientCert | ( | ) |
Gets the current client certificate.
When a secure socket is acting in server mode, the returned certificate will be the certificate that the remote client provided. When acting in client mode, the certificate returned will be local certificate.
| IMPORT_C TClientCertMode | ClientCertMode | ( | ) |
Gets the current client certificate mode.
The client certificate mode is used when the socket is acting as a server, and determines whether a client certificate is requested.
| IMPORT_C void | Close | ( | ) |
Closes the secure connection and the socket.
Implementations should terminate the secure connection gracefully as appropriate to their protocol. The RSocket object is not destoyed: this is left to the client application.
| void | ConstructL | ( | RSocket & | aSocket, |
| const TDesC & | aProtocol | |||
| ) | [private] | |||
Standard 2-phase construction.
| void | ConstructL | ( | MGenericSecureSocket & | aSocket, |
| const TDesC & | aProtocol | |||
| ) | [private] | |||
Standard 2-phase construction.
| MGenericSecureSocket & aSocket | |
| const TDesC & aProtocol |
| IMPORT_C TInt | CurrentCipherSuite | ( | TDes8 & | aCipherSuite | ) |
Gets the current cipher suite in use.
The current cipher suite is returned in the referenced buffer in two byte format as, i.e. [0x??][0x??].
| TDes8 & aCipherSuite | A reference to a descriptor at least 2 bytes long. Implementations that differ from the [0x??][0x??] format may require larger descriptors. See individual implementation notes for details. |
| IMPORT_C TInt | GetOpt | ( | TUint | aOptionName, |
| TUint | aOptionLevel, | |||
| TDes8 & | aOption | |||
| ) | ||||
Gets an option.
Secure socket implementations may provide options that can be used with this function.
(nb. Getting the KSoServerNameIndication option is not supported).
| IMPORT_C TInt | GetOpt | ( | TUint | aOptionName, |
| TUint | aOptionLevel, | |||
| TInt & | aOption | |||
| ) | ||||
Gets an option.
Secure socket implementations may provide options that can be used with this method.
(nb. Getting the KSoServerNameIndication option is not supported).
| IMPORT_C CSecureSocket * | NewL | ( | RSocket & | aSocket, |
| const TDesC & | aProtocol | |||
| ) | [static] | |||
Creates and returns a pointer to a new secure socket.
A reference to an already open and connected socket should be passed in, along with a descriptor that contains the protocol name.
| IMPORT_C CSecureSocket * | NewL | ( | MGenericSecureSocket & | aSocket, |
| const TDesC & | aProtocol | |||
| ) | [static] | |||
Creates and returns a pointer to a new secure socket.
A reference to a socket derived from MGenericSecureSocket should be passed in, along with a descriptor that contains the protocol name.
| MGenericSecureSocket & aSocket | A reference to an MGenericSecureSocket derived object. |
| const TDesC & aProtocol | A constant descriptor containing the protocol name. |
| IMPORT_C TInt | Protocol | ( | TDes & | aProtocol | ) |
Gets the protocol in use.
This method can be used to return the particular protocol/version that is being used by implementations that support different protocols/versions.
| TDes & aProtocol | A descriptor containing the protocol name/version that is being used. Protocol names can be up to 32 characters long, and so a descriptor of at least that size is required. |
| IMPORT_C void | Recv | ( | TDes8 & | aDesc, |
| TRequestStatus & | aStatus | |||
| ) | ||||
Receives data from the socket.
This is an asynchronous function, and completes when the descriptor has been filled. Only one Recv() or RecvOneOrMore() operation can be outstanding at any time.
| TDes8 & aDesc | A descriptor where data read will be placed. |
| TRequestStatus & aStatus | On completion, KErrNone if successful; KErrEof if a remote connection is closed and there is no more data; KErrNotReady if called when an operation is still outstanding; or another system-wide error code. |
| IMPORT_C void | RecvOneOrMore | ( | TDes8 & | aDesc, |
| TRequestStatus & | aStatus, | |||
| TSockXfrLength & | aLen | |||
| ) | ||||
Receives data from the socket.
This is an asynchronous function, and will complete when at least one byte has been read. Only one Recv() or RecvOneOrMore() operation can be outstanding at any time.
| TDes8 & aDesc | A descriptor where data read will be placed. |
| TRequestStatus & aStatus | On completion, KErrNone if successful; KErrEof if a remote connection is closed and there is no more data; KErrNotReady if called when an operation is still outstanding; or another system-wide error code. |
| TSockXfrLength & aLen | On completion, the length of the descriptor, aDesc. |
| IMPORT_C void | RenegotiateHandshake | ( | TRequestStatus & | aStatus | ) |
Initiates a renegotiation of the secure connection.
This is an asynchronous function that completes when renegotiation is complete. It is valid for both client and server operation. There can only be one outstanding RenegotiateHandshake() operation at a time.
| TRequestStatus & aStatus | On completion, KErrNone if successful; KErrNotReady if called when an operation is still outstanding; or another system-wide error code. |
| IMPORT_C void | Send | ( | const TDesC8 & | aDesc, |
| TRequestStatus & | aStatus, | |||
| TSockXfrLength & | aLen | |||
| ) | ||||
Sends data over the socket.
This is an asynchronous function. Only one Send() operation can be outstanding at any time.
| const TDesC8 & aDesc | A constant descriptor with the data to be send. |
| TRequestStatus & aStatus | On completion, KErrNone if successful; KErrNotReady if called when an operation is still outstanding; or another system-wise error code. |
| TSockXfrLength & aLen | On completion, the amount of data sent. |
| IMPORT_C void | Send | ( | const TDesC8 & | aDesc, |
| TRequestStatus & | aStatus | |||
| ) | ||||
Sends data over the socket.
This is an asynchronous function. Only one Send() operation can be outstanding at any time, and the function will complete with the error KErrNotReady if called when a send is still outstanding.
| const TDesC8 & aDesc | A constant descriptor. The application must not modify this descriptor until the Send() completes. |
| TRequestStatus & aStatus | On completion, KErrNone; KErrNotReady if called when a send is still outstanding, if successful; or another system-wide error code. |
| IMPORT_C const CX509Certificate * | ServerCert | ( | ) |
Gets the current server certificate.
When a secure socket is acting in client mode, the returned certificate will be the certificate for the remote server. When acting in server mode, the certificate returned will be the local certificate.
Note that the operation in server mode is currently reserved for future use, and returns NULL.
| IMPORT_C TInt | SetAvailableCipherSuites | ( | const TDesC8 & | aCiphers | ) |
Sets the list of cipher suites that are available for use.
The list of cipher suites should be supplied in a descriptor in the format as per the TLS RFC, i.e. [0x??][0x??] for each suite. The order of suites is important, and so they should be listed with the preferred suites first.
Note that ciphersuites using NULL encryption or PSK key exchange will be considered unsupported unless these features have been enabled via SetOpt.
Unsupported ciphersuites are silently ignored except that if the list becomes empty KErrNotSupported will be returned.
| const TDesC8 & aCiphers | Descriptor holding the cipher suites list. |
| IMPORT_C TInt | SetClientCert | ( | const CX509Certificate & | aCert | ) |
Sets the client certificate to use.
When a secure socket is acting in client mode, this method will set the certificate that will be used if a server requests one. When acting in server mode, if called this method will perform no action, but will return KErrNotSupported.
Note that this method is currently reserved for future use, and always returns KErrNotSupported.
| const CX509Certificate & aCert | The client certificate. |
| IMPORT_C TInt | SetClientCertMode | ( | const TClientCertMode | aClientCertMode | ) |
Sets the client certificate mode.
| const TClientCertMode aClientCertMode | The client certificate mode to set. |
| IMPORT_C TInt | SetDialogMode | ( | const TDialogMode | aDialogMode | ) |
Sets the Dialog mode.
| const TDialogMode aDialogMode | Dialog mode to set. |
| IMPORT_C TInt | SetOpt | ( | TUint | aOptionName, |
| TUint | aOptionLevel, | |||
| const TDesC8 & | aOption = TPtrC8 (NULL, 0) | |||
| ) | ||||
Sets an option.
SecureSocket implementations may provide options that can be used with this method. See individual implementation notes for details.
In order for full verification of the Server certificate during handshake negotiation the domain name must be set. This is done using the option KSoSSLDomainName, with the option level KSolInetSSL.
In order to use a TLS PSK ciphersuite the user must use the the option KSoPskConfig, with the option level KSolInetSSL. The aOption argument should be a TPckgBuf<MSoPskKeyHandler *>. This passes in a pointer to an object which implements the MSoPskKeyHandler interface to decide which PSK identity and value the client wishes to use to secure the connection. See MSoPskKeyHandler for further details. If the MSoPskKeyHandler is NULL then PSK ciphersuites will be disabled again. If you specified an exact list of ciphersuites (by calling SetAvailableCipherSuites) you must update that list to exclude PSK ciphersuites.
The option KSoServerNameIndication, with the option level KSolInetSSL can be used to include the RFC3546 server name indication in the ClientHello sent to the server. This can be used to facilitate secure connections to servers that host multiple 'virtual' servers at a single underlying network address. The aOption argument should be a TPckgBuf<CDesC8Array *>, ownership is passed in. One or more UTF-8 FQDNs can be supplied. Neither trailing dots nor numeric IP addresses should be used.
| IMPORT_C TInt | SetOpt | ( | TUint | aOptionName, |
| TUint | aOptionLevel, | |||
| TInt | aOption | |||
| ) | ||||
Sets an option.
SecureSocket implementations may provide options that can be used with this method. See individual implementation notes for details.
By default the TLS_RSA_WITH_NULL_MD5 and TLS_RSA_WITH_NULL_SHA ciphersuites are disabled. These ciphersuites use NULL encryption and therefore offer no protection against evesdropping. Server authentication (and client, if a client certificate is used) is performed and data integrity is still checked (nb. TLS_NULL_WITH_NULL_NULL is never supported). In order to these ciphersuites the user must use the the option KSoEnableNullCiphers, with the option level KSolInetSSL and a non-zero argument. Using an argument of zero will disable them.
| IMPORT_C TInt | SetProtocol | ( | const TDesC & | aProtocol | ) |
Sets the protocol
| const TDesC & aProtocol | Descriptor holding the protocol name to be set, e.g. "SSL3.0" or "TLS1.0". |
| IMPORT_C TInt | SetServerCert | ( | const CX509Certificate & | aCert | ) |
Sets the server X.509 certificate.
| const CX509Certificate & aCert | The certificate to use. |
| IMPORT_C void | StartClientHandshake | ( | TRequestStatus & | aStatus | ) |
Starts the client handshake.
| TRequestStatus & aStatus | On completion, KErrNone if successful; otherwise, a system-wide error code. |
| IMPORT_C void | StartServerHandshake | ( | TRequestStatus & | aStatus | ) |
Starts the server handshake.
| TRequestStatus & aStatus | On completion, KErrNone if successful; otherwise, a system-wide error code. |
Copyright ©2010 Nokia Corporation and/or its subsidiary(-ies).
All rights
reserved. Unless otherwise stated, these materials are provided under the terms of the Eclipse Public License
v1.0.