Establish Secure Sockets Layer (SSL) sessions to facilitate secure communication between client and server.
The following terms are used in this discussion:
client: The initiator of an SSL session. The canonical example of a client is a web browser communicating with an HTTPS URL.
server: An entity that accepts requests for SSL sessions made by clients. An example is a secure web server.
context: The state associated with one session. A session context cannot be reused for multiple sessions.
Most applications need only a few of the functions in this API, which are normally called in the following sequence:
Prepare for a session
Call SSLCreateContext to create a new SSL session context.
Call SSLSetPeerDomainName to specify the fully-qualified domain name of the peer to which you want to connect (optional but highly recommended).
Call SSLSetCertificate to specify the certificate to be used in authentication (required for server side, optional for client).
Start a session
Call SSLHandshake to perform the SSL handshake and establish a secure session.
Maintain a session
End a session
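The client-side sequence above as one function. This is an added example, not Apple's sample code: `sockRead`, `sockWrite` and `tlsHead` are hypothetical names, and the caller is assumed to pass an already-connected, blocking TCP socket. It also calls SSLSetIOFuncs, SSLSetConnection, SSLWrite, SSLRead and SSLClose, which are Secure Transport functions that the list above does not name.

```swift
import Foundation
import Security
// Secure Transport calls this to pull *len bytes of ciphertext from the socket.
let sockRead: SSLReadFunc = { conn, buf, len in
    let fd = conn.load(as: Int32.self), want = len.pointee
    var got = 0
    while got < want {
        let n = read(fd, buf + got, want - got)
        if n > 0 { got += n; continue }
        len.pointee = got                      // report the partial count on any failure
        if n == 0 { return errSSLClosedGraceful }
        return errno == EAGAIN ? errSSLWouldBlock : errSSLClosedAbort
    }
    len.pointee = got
    return errSecSuccess
}
// Secure Transport calls this to push *len bytes of ciphertext to the socket.
let sockWrite: SSLWriteFunc = { conn, buf, len in
    let fd = conn.load(as: Int32.self), want = len.pointee
    var sent = 0
    while sent < want {
        let n = write(fd, buf + sent, want - sent)
        if n > 0 { sent += n; continue }
        len.pointee = sent
        return errno == EAGAIN ? errSSLWouldBlock : errSSLClosedAbort
    }
    len.pointee = sent
    return errSecSuccess
}
// Prepare, start, use and end one session over `fd` (assumption: connected by the caller).
func tlsHead(fd: Int32, host: String) -> OSStatus {
    guard let ctx = SSLCreateContext(nil, .clientSide, .streamType) else { return errSSLInternal }
    let conn = UnsafeMutablePointer<Int32>.allocate(capacity: 1)   // connection ref handed to callbacks
    conn.initialize(to: fd)
    defer { conn.deallocate() }
    var status = SSLSetIOFuncs(ctx, sockRead, sockWrite)
    if status == errSecSuccess { status = SSLSetConnection(ctx, conn) }
    // If this call is skipped, no host name is matched against the peer certificate.
    if status == errSecSuccess { status = SSLSetPeerDomainName(ctx, host, host.utf8.count) }
    guard status == errSecSuccess else { return status }
    repeat { status = SSLHandshake(ctx) } while status == errSSLWouldBlock
    guard status == errSecSuccess else { return status }   // fail closed on any trust error
    let req = Array("HEAD / HTTP/1.0\r\nHost: \(host)\r\n\r\n".utf8)
    var n = 0
    var reply = [UInt8](repeating: 0, count: 512)
    status = SSLWrite(ctx, req, req.count, &n)
    if status == errSecSuccess { status = SSLRead(ctx, &reply, 512, &n) }
    _ = SSLClose(ctx)                                       // end the session
    return status
}
```

A non-success status from SSLHandshake means no application data was sent; treat it as a failed connection rather than retrying without the peer domain name.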
In many cases, it is easier to use the CFNetwork API than Secure Transport to implement a simple connection to a secure (HTTPS) URL. See CFNetwork Programming Guide for documentation of the CFNetwork API and the CFNetworkHTTPDownload sample code for an example of code that downloads data from a URL. If you specify an HTTPS URL, this routine automatically uses Secure Transport to encrypt the data stream.
For functions to manage and evaluate certificates, see Certificate, Key, and Trust Services.