Looking for a High Level C++ SSL Library [closed]

Question

I checked out quite a few SSL librarys tonight. OpenSSL looks good but lacks documentation, as most of them do. I thought I hit the jackpot when I found NetSieben's SSL C++ Library (http://www.netsieben.com/products/ssh/index.phtml) but after hours, I am unable to get it to compile. It says it needs Botan's lib, but absolutely no information how to link it to Botan or anything.

So I am looking for a fairly easy to use SSL library. I am just using it for a client application to connect to an already existing server.

Answer 1

To give a more thorough answer: There are a number of SSL libraries that are better documented than OpenSSL, which is notoriously bad.

If you look at the grand picture, the real alternatives as an SSL library are Botan, PolarSSL, Mozilla NSS, Wolf and GnuTLS.

All except Botan are not C++ specific so they do not have nice C++ objects and resource management.

My personal preference for SSL library is PolarSSL, because of the readability of the code, in-header API documentation and just general good experiences with it. It is used in some large FOSS projects and they have some kind of government accreditation.

I'm not a real fan of the wrappers like Boost.Asio as they still lack the proper documentation for the more in depth things. Boost.Asio itself is quiet ok and the examples are pretty decent though. If you only need a simple client, this might be the way to go.

Mozilla NSS is one of the older ones, but it does not support the newer TLS 1.1 and TLS 1.2 standards, which they actually should.

Both Botan and CyaSSL are good alternatives too. Botan documentation is thorough on some parts and perhaps a bit lacking on other parts, but some large open source projects include Botan and have good experiences with it.

In general, you can do a lot better than OpenSSL with any of these.

Hope this helps!

Answer 2

Boost.Asio provides SSL capabilities by wrappering OpenSSL. The examples are fairly straightforward, for client-code it looks something like this

ssl::context ctx(my_io_service, ssl::context::sslv23); ctx.set_verify_mode(ssl::context::verify_peer); ctx.load_verify_file("ca.pem");  ssl::stream<ip::tcp::socket> ssl_sock(my_io_service, ctx); ip::tcp::socket::lowest_layer_type& sock = ssl_sock.lowest_layer(); sock.connect(my_endpoint); sock.handshake(); sock.write(...); 

note there are asynchronous methods async_connect and async_handshake and async_write too.