Create a socket with the socketfunction.

Set the socket in secure mode with setsockopt.

Set levelto SOL_SOCKET, set optnameto SO_SECURE, and set optvalto a DWORDset to SO_SEC_SSL.

Specify the certificate validation callback function by calling WSAIoctlwith the SO_SSL_SET_VALIDATE_CERT_HOOK control code.

To verify the server's identity during the handshake, call WSAIoctlwith the SO_SSL_SET_PEERNAME control code.

The server name is verified against the server certificate after a successful SSL handshake. The verification results are then indicated in the certificate validation callback. If the specified server name does not match the one indicated in the certificate chain of the SSL Handshake, SSL_CERT_FLAG_ISSUER_UNKNOWN is set in the dwFlags parameter of SslValidateCertHook.

If you do not perform this step, no verification is performed.

Set the socket in deferred handshake mode with WSAIoctl. The control code should be set to SO_SSL_SET_FLAGS and the flag set to SSL_FLAG_DEFER_HANDSHAKE.

Establish a nonsecure connection with the remote party using connect.

Transmit and receive unencoded data.

To switch to secure mode, call WSAIoctlwith the SO_SSL_PERFORM_HANDSHAKE control code passing in the target server name.

The certificate callback function is automatically called. The handshake is successful only if the callback function verifies the acceptability of the certificate by returning SSL_ERR_OKAY.

Transmit and receive.

The sendand recvfunctions encode and decode the data automatically.

When you are finished, close the socket with closesocket.