Secure Socket Control Codes

A version of this page is also available for

Windows Embedded CE 6.0 R3


You can specify a particular operation to perform by calling WSAIoctl or WSPIoctl with a specific control code, as defined by the dwIoControlCode parameter. This parameter allows protocol and vendor independence when adding new control codes, while it retains backward compatibility with the Winsock 1.1 and Unix control codes.

The following table shows the available control codes.

Control Code Description


Specify a particular security protocol, or determine the default protocols. Then call WSAIoctl with the SO_SSL_SET_PROTOCOLS control code to select the protocols to be enabled. Otherwise, Windows Embedded CE selects the protocol.


Switch to secure mode and pass in the target server name.


Set the socket in the mode determined by the flag. For example, if the control code is SO_SSL_SET_FLAGS and the flag is set to SSL_FLAG_DEFER_HANDSHAKE, then the socket is in deferred handshake mode.


Ensure that the server on the certificate is the same name as the desired server.


Selects the protocols to be enabled. Otherwise, Windows Embedded CE selects the protocol.


Specify the certificate validation callback function

For information about the form for the dwIoControlCode parameter, see WSAIoctl or WSPIoctl.


By using Winsock secure sockets, you can ensure that the server on the certificate has the same name as the desired server. You do this by passing the SCH_CRED_NO_SERVERNAME_CHECK flag to the CompletionRoutine.

CompletionRoutine is a placeholder for an application-defined or library-defined function.

For more information about CompletionRoutine, see WSAIoctl. For more information about the SCH_CRED_NO_SERVERNAME_CHECK flag, see SCHANNEL_CRED.

You should call WSAIoctl with the SO_SSL_SET_PEERNAME control code after setting up the secure socket and prior to making the connection. The following code example shows how it should be called.

   "www.<domain>.com", strlen("www.<domain>.com")+1,
   NULL, 0,

The input buffer, parameter 3 is the ASCII null-terminated servername. The input buffer length is parameter 4.

See Also


Winsock API Reference


Implementing a Secure Socket
Using a Deferred Handshake