Using a Deferred Handshake

A deferred handshake enables an application to create an unsecured connection and then later convert it to a connection with a security infrastructure.

To implement secure sockets with a deferred handshake

  1. Create a socket with the socket function.
  2. Set the socket in secure mode with setsockopt.
  3. In the setsockopt call, set level to SOL_SOCKET, set optname to SO_SECURE, and set optval to a DWORD set to SO_SEC_SSL.
  4. Specify the certificate validation callback function by calling WSAIoctl with the SO_SSL_SET_VALIDATE_CERT_HOOK control code.
  5. Set the socket in deferred handshake mode with WSAIoctl. The control code should be set to SO_SSL_SET_FLAGS and the flag set to SSL_FLAG_DEFER_HANDSHAKE.
  6. Establish a nonsecure connection with the remote party using connect.
  7. Transmit and receive unencoded data.
  8. To switch to secure mode, call WSAIoctl with the SO_SSL_PERFORM_HANDSHAKE control code passing in the target server name.
  9. The certificate callback function is automatically called. The handshake is successful only if the callback function verifies the acceptability of the certificate by returning SSL_ERR_OKAY.
  10. Transmit and receive.
  11. The send and recv functions encode and decode the data automatically.
  12. When you are finished, close the socket with closesocket.
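
The procedure leaves two decisions to the application: what may be sent during the plaintext phase (steps 6 and 7), and what happens when the handshake in steps 8 and 9 fails. The following added example, which is not part of the original page, models a fail-closed policy for both in portable C. The names `deferred_session`, `ds_upgrade`, `ds_send`, `phase_t` and `fake_net` are hypothetical, and the transport hooks stand in for the real Winsock calls.

```c
#include <stddef.h>
#include <stdio.h>

/* Plaintext after connect (steps 6-7), secure after the handshake (steps 8-11). */
typedef enum { PH_PLAIN, PH_SECURE, PH_FAILED } phase_t;

/* Hypothetical transport hooks. On the device they would wrap send() and
   WSAIoctl with SO_SSL_PERFORM_HANDSHAKE; handshake returns 0 on success. */
typedef int (*send_fn)(void *ctx, const char *buf, size_t len);
typedef int (*handshake_fn)(void *ctx, const char *server_name);
typedef struct { phase_t phase; void *ctx; send_fn send; handshake_fn handshake; } deferred_session;

/* Step 8. A failed handshake (for example the certificate callback did not
   return SSL_ERR_OKAY) is terminal: the session never falls back to plaintext. */
int ds_upgrade(deferred_session *s, const char *server_name)
{
    if (s->phase != PH_PLAIN) return -1;             /* already upgraded or dead */
    if (server_name == NULL || *server_name == '\0'  /* no name to validate against */
        || s->handshake(s->ctx, server_name) != 0) {
        s->phase = PH_FAILED;
        return -1;
    }
    s->phase = PH_SECURE;
    return 0;
}

/* Refuses sensitive data before the handshake and all data after a failure. */
int ds_send(deferred_session *s, const char *buf, size_t len, int sensitive)
{
    if (s->phase == PH_FAILED || (sensitive && s->phase != PH_SECURE)) return -1;
    return s->send(s->ctx, buf, len);
}

/* Constructed fake transport so the example runs offline. */
typedef struct { size_t sent; int cert_ok; } fake_net;
static int fake_send(void *c, const char *b, size_t n) { (void)b; ((fake_net *)c)->sent += n; return (int)n; }
static int fake_handshake(void *c, const char *n) { (void)n; return ((fake_net *)c)->cert_ok ? 0 : -1; }

int main(void)
{
    fake_net net = { 0, 0 };                         /* certificate rejected */
    deferred_session s = { PH_PLAIN, &net, fake_send, fake_handshake };
    int plain = ds_send(&s, "HELLO", 5, 0);
    int up = ds_upgrade(&s, "server.example");
    printf("plain=%d upgrade=%d after=%d\n", plain, up, ds_send(&s, "HELLO", 5, 0));
    return 0;
}
```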

See Also

Winsock Secure Sockets

 Last updated on Saturday, April 10, 2004
