Questions asking us to recommend or find a book, tool, software library, tutorial or other off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
开发者_Python百科Closed 8 years ago.
Improve this questionI checked out quite a few SSL librarys tonight. OpenSSL looks good but lacks documentation, as most of them do. I thought I hit the jackpot when I found NetSieben's SSL C++ Library (http://www.netsieben.com/products/ssh/index.phtml) but after hours, I am unable to get it to compile. It says it needs Botan's lib, but absolutely no information how to link it to Botan or anything.
So I am looking for a fairly easy to use SSL library. I am just using it for a client application to connect to an already existing server.
To give a more thorough answer: There are a number of SSL libraries that are better documented than OpenSSL, which is notoriously bad.
If you look at the grand picture, the real alternatives as an SSL library are Botan, PolarSSL, Mozilla NSS, Wolf and GnuTLS.
All except Botan are not C++ specific so they do not have nice C++ objects and resource management.
My personal preference for SSL library is PolarSSL, because of the readability of the code, in-header API documentation and just general good experiences with it. It is used in some large FOSS projects and they have some kind of government accreditation.
I'm not a real fan of the wrappers like Boost.Asio as they still lack the proper documentation for the more in depth things. Boost.Asio itself is quiet ok and the examples are pretty decent though. If you only need a simple client, this might be the way to go.
Mozilla NSS is one of the older ones, but it does not support the newer TLS 1.1 and TLS 1.2 standards, which they actually should.
Both Botan and CyaSSL are good alternatives too. Botan documentation is thorough on some parts and perhaps a bit lacking on other parts, but some large open source projects include Botan and have good experiences with it.
In general, you can do a lot better than OpenSSL with any of these.
Hope this helps!
Boost.Asio provides SSL capabilities by wrappering OpenSSL. The examples are fairly straightforward, for client-code it looks something like this
ssl::context ctx(my_io_service, ssl::context::sslv23);
ctx.set_verify_mode(ssl::context::verify_peer);
ctx.load_verify_file("ca.pem");
ssl::stream<ip::tcp::socket> ssl_sock(my_io_service, ctx);
ip::tcp::socket::lowest_layer_type& sock = ssl_sock.lowest_layer();
sock.connect(my_endpoint);
sock.handshake();
sock.write(...);
note there are asynchronous methods async_connect
and async_handshake
and async_write
too.
For a simple well-documented SSL library, you could look at https://polarssl.org.
PolarSSL has full API documentation and example clients on its source page.
Disclaimer: I'm the lead-maintainer for PolarSSL
Mozilla NSS is a relatively better documented set of libraries.
You might like CyaSSL, which is another SSL implementation. You can download it at http://www.yassl.com.
精彩评论