/schannel-tls-cpp

A TLS client/server library for Windows that uses the schannel TLS implementation

Primary LanguageC++MIT LicenseMIT

schannel-tls-cpp

A TLS client/server library built on top of Windows' built-in TLS implementation (schannel).

SSPI/Schannel documentation:
https://docs.microsoft.com/en-us/windows/win32/rpc/security-support-provider-interface-sspi-
https://docs.microsoft.com/en-us/windows-server/security/tls/tls-ssl-schannel-ssp-overview

Server Sample

schannel::TLSConfig tls_config;

// Only TLS 1.2 or TLS 1.3
tls_config.enabled_protocols = SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_3_SERVER;

// Get the certificate from the local user personal certificate store
tls_config.cert_store_location = CERT_SYSTEM_STORE_CURRENT_USER;
tls_config.cert_store_name = "My";
tls_config.cert_subject_match = "gabriel-sztejnworcel.com";

// Create the server object and start listening
schannel::TLSServer tls_server(tls_config);
tls_server.listen("localhost", 8443);

// Wait for and accept a client connection
auto tls_socket = tls_server.accept();

// Receive and decrypt
int bytes = tls_socket.recv();

// Build a string from the decrypted buffer (stored in the tls socket object)
std::string msg(tls_socket.decrypted_buffer(), bytes);

std::cout << "Received: " << msg << std::endl;

Client Sample

schannel::TLSConfig tls_config;

// Only TLS 1.2 or TLS 1.3
tls_config.enabled_protocols = SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_3_CLIENT;

// Skip server certificate verification (should be used only in dev/debug)
tls_config.verify_server_cert = false;

// Create the client object
schannel::TLSClient tls_client(tls_config);

// Connect to the server (including the TLS handshake)
auto tls_socket = tls_client.connect("localhost", 8443);

// Send a message to the server
std::string msg = "Hello World";
tls_socket.send(msg.c_str(), (int)msg.length());