This WSAIoctl command is used to get/set the SSL flags associated with the socket. The lpvInBuffer points to a "WORD". The following flags exist:
#define SO_SSL_ENABLE 0x0001
#define SO_SSL_SERVER 0x0002
#define SO_SSL_AUTH_CLIENT 0x0004
#define SO_SSL_ACCEPT_WEAK 0x0008
The flags are set using the SO_SSL_SET_FLAGS command, while the status of the flags can be queried using the SO_SSL_GET_FLAGS command.
Setting the SO_SSL_ENABLE flag enables security on the socket. If this is done after a connection has already been established, then the SSL handshake protocol is performed before the next byte of data is transferred.
The SO_SSL_SERVER flag, when set, indicates that the socket is to be configured for server operation. In addition, the SO_SSL_AUTH_CLIENT flag indicates that the server will authenticate the client.
The SO_SSL_ACCEPT_WEAK flag, when set, instructs SSL to accept weakly checked certificates.
Strong certificate checking means that the SSL implementation has contacted the certificate issuer online and verified the validity of the certificate. Weak certificate checking means that no online check was performed.