poco/NetSSL_Win/doc/README.txt

70 lines
3.2 KiB
Plaintext
Raw Normal View History

About NetSSL_Win
================
2022-07-07 17:18:20 +08:00
NetSSL_Win is an implementation of the POCO NetSSL library based on Windows
Schannel. The original NetSSL implementation is based on OpenSSL and thus
has a few OpenSSL-isms in the interface. Generally, source code based
on NetSSL_OpenSSL can be easily ported to use NetSSL_Win. Just a few
2022-07-07 17:18:20 +08:00
minor code changes are required, due to differences in the API.
These are discussed below:
2014-09-05 07:27:49 +02:00
- Context: The Context constructor uses different arguments. While
the first argument is the same, all others are different.
Instead of a certificate file name, a certificate subject name is
2014-10-07 23:25:31 +02:00
specified. Certificates can be loaded from a Windows
certificate store, or from PKCS #12 files (.pfx, .p12) containing
certificate and private key pairs, if the OPT_LOAD_CERT_FROM_FILE
is specified. In the latter case, a private key passphrase handler
must be setup.
Please refer to the header file documentation for more information.
Furthermore, the following Context methods are not available in NetSSL_Win:
2022-07-07 17:18:20 +08:00
addChainCertificate(), disableStatelessSessionResumption(),
2014-10-10 10:14:53 +02:00
enableSessionCache(),flushSessionCache(),
getSessionCacheSize(), getSessionTimeout(),
setSessionCacheSize(), setSessionTimeout(), sslContext(),
useCertificate(), usePrivateKey().
2014-09-05 07:27:49 +02:00
- SSLManager: The configuration properties used to configure the SSLManager
are different from the ones used in NetSSL_OpenSSL. Please see the
2022-07-07 17:18:20 +08:00
SSLManager header file for more information.
The isFIPSEnabled() method is not available.
2014-10-07 23:25:31 +02:00
- X509Certificate: Saving a certificate is not supported.
2014-09-05 07:27:49 +02:00
Certificate and Certificate Stores
----------------------------------
2014-10-07 23:25:31 +02:00
The test suite and samples expect a certificate/private key file named
2014-10-10 10:14:53 +02:00
any.pfx, located in the current working directory. This can be changed
2014-10-07 23:25:31 +02:00
by editing the testrunner.xml/TestSuite.xml configuration files.
Alternatively, a certificate from the Windows certificate store can be used.
2022-07-07 17:18:20 +08:00
A suitable self-signed certificate can be created using the Windows
IIS administration console, then exported to a file, and re-imported into
the user's personal store.
To create the certificate, follow these steps:
1. Launch the Computer Management utility.
2. Go to Services and Applications > Internet Information Server.
3. Open the Server Certificates feature.
4. Under Actions, click "Create Self-Signed Certificate...".
5. Enter a user-friendly name for the certificate.
The certificate will be issued to the name of your computer.
6. Export the certificate by right-clicking it and chosing "Export...".
7. In Explorer, double-click the exported certificate file (.pfx)
to launch the Certificate Import Wizard.
2022-07-07 17:18:20 +08:00
8. Import the certificate into your personal store by
selecting "Place all certificates in the following store" and
selecting the "Personal" store in the import wizard.
Windows Embedded Compact
------------------------
Windows Embedded Compact does not support the following Schannel
2022-07-07 17:18:20 +08:00
features:
2014-09-05 07:27:49 +02:00
- certificate revocation checking (Context::OPT_PERFORM_REVOCATION_CHECK)
- TLS 1.1 and 1.2 (Context::TLSV1_1_CLIENT_USE, etc.)
- disabling weak security algorithms (Context::OPT_USE_STRONG_CRYPTO)