Boost.Asio contains classes and class templates for basic SSL support. These classes allow encrypted communication to be layered on top of an existing stream, such as a TCP socket.
Before creating an encrypted stream, an application must construct an SSL context object. This object is used to set SSL options such as verification mode, certificate files, and so on. As an illustration, client-side initialisation may look something like:
ssl::context ctx(my_io_service, ssl::context::sslv23); ctx.set_verify_mode(ssl::context::verify_peer); ctx.load_verify_file("ca.pem");
To use SSL with a TCP socket, one may write:
ssl::stream<ip::tcp::socket> ssl_sock(my_io_service, ctx);
To perform socket-specific operations, such as establishing an outbound connection
or accepting an incoming one, the underlying socket must first be obtained
ip::tcp::socket::lowest_layer_type& sock = ssl_sock.lowest_layer(); sock.connect(my_endpoint);
In some use cases the underlying stream object will need to have a longer lifetime than the SSL stream, in which case the template parameter should be a reference to the stream type:
ip::tcp::socket sock(my_io_service); ssl::stream<ip::tcp::socket&> ssl_sock(sock, ctx);
SSL handshaking must be performed prior to transmitting or receiving data
over an encrypted connection. This is accomplished using the
Once connected, SSL stream objects are used as synchronous or asynchronous read and write streams. This means the objects can be used with any of the read(), async_read(), write(), async_write(), read_until() or async_read_until() free functions.
OpenSSL is required to make use
of Boost.Asio's SSL support. When an application needs to use OpenSSL functionality
that is not wrapped by Boost.Asio, the underlying OpenSSL types may be obtained