This is a brief introduction to a proposed new Proton-C support library to
provide generalized TLS functionality.

The existing Proton SSL/TLS functionality is tightly coupled to AMQP
connections and does not provide application access to the encrypted or
decrypted stream data.  As a result, there is no Proton support for TLS on
raw connections.

A new library is proposed with the following characteristics:

  - broadly similar in configuration to the existing methods in
c/include/proton/ssl.h
  - uses arrays of byte buffers to hold encrypted and decrypted content
  - focus is primarily to provide support for TLS1.3 and compatibility with
TLS1.2
  - ability to eventually provide the sole TLS functionality in Proton for
all connection types.

The API is in its early stages and is "unsettled" for now.

The early work is tracked in:

  https://issues.apache.org/jira/browse/PROTON-2497

The code to date can be viewed on:

  https://github.com/cliffjansen/qpid-proton

in branches:

  tls2_wip_02 (current)
  tls2_wip    (older)


In its current form, the new TLS library does not build unless you set
BUILD_TLS=ON.  It has no symbol dependencies on other Proton libraries.  It
does rely on the existing proton/raw_connection.h header file to obtain the
definition for pn_raw_buffer_t which is used to define encrypted and
decrypted content passed into and out of the library.  This allows easy
passing of data between the TLS library and Proton raw connections.

Cliff
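As an added illustration (not code from Cliff's branches or from Proton itself): the last paragraph above says the new library hands encrypted and decrypted content around as arrays of pn_raw_buffer_t, the same type raw connections use. Whatever TLS engine sits behind it, the library has to move bytes between buffer arrays without ever writing past a buffer's capacity and without losing or duplicating data when the destination array is too small for the output. The program below models that hand-off. The struct is a local copy of pn_raw_buffer_t as declared in proton/raw_connection.h (the field layout is assumed so the file compiles without Proton installed); the function names, the bounded-transfer logic and the sample data are all constructed for this example and are not part of the proposed API.

```c
/* Illustrative example only: models the pn_raw_buffer_t hand-off between a
 * TLS layer and a raw connection.  Not part of Proton or the proposed library.
 * The struct below is a local copy of pn_raw_buffer_t from
 * proton/raw_connection.h (assumed layout); the functions are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

typedef struct pn_raw_buffer_t {
  uintptr_t context;   /* application-defined; the transfer never touches it */
  char *bytes;         /* start of the buffer memory */
  uint32_t capacity;   /* total bytes available at bytes */
  uint32_t size;       /* bytes of valid data, starting at bytes + offset */
  uint32_t offset;     /* where valid data starts within bytes */
} pn_raw_buffer_t;

/* Move as many bytes as possible from an array of source buffers (valid data
 * at bytes+offset, length size) into an array of destination buffers (free
 * space from bytes+offset+size up to capacity).  Consumed source bytes are
 * dropped by advancing offset and shrinking size; filled destination bytes
 * grow size.  Never writes past capacity: when the destination array is
 * short, the remainder simply stays queued in the source for the next call,
 * which is the behaviour a TLS engine needs when it produces more ciphertext
 * than the connection can take in one go.  Returns the number of bytes moved. */
size_t rawbuf_transfer(pn_raw_buffer_t *src, size_t nsrc,
                       pn_raw_buffer_t *dst, size_t ndst)
{
  size_t moved = 0, d = 0;
  for (size_t s = 0; s < nsrc; s++) {
    while (src[s].size > 0 && d < ndst) {
      uint32_t used = dst[d].offset + dst[d].size;
      if (used >= dst[d].capacity) { d++; continue; }   /* this one is full */
      uint32_t room = dst[d].capacity - used;
      uint32_t n = src[s].size < room ? src[s].size : room;
      memcpy(dst[d].bytes + used, src[s].bytes + src[s].offset, n);
      dst[d].size += n;
      src[s].offset += n;
      src[s].size -= n;
      moved += n;
    }
  }
  return moved;
}

/* Total bytes of valid data still queued across an array of buffers. */
size_t rawbuf_pending(const pn_raw_buffer_t *bufs, size_t n)
{
  size_t total = 0;
  for (size_t i = 0; i < n; i++) total += bufs[i].size;
  return total;
}

/* Demo with constructed data: 21 bytes spread over two source buffers, two
 * 8-byte destination buffers.  Only 16 bytes fit; 5 stay queued in source. */
static void run_demo(size_t *moved, size_t *left)
{
  char a[] = "hello, raw ", b[] = "connection";   /* constructed sample data */
  pn_raw_buffer_t src[2] = {
    { 0, a, (uint32_t)sizeof a, (uint32_t)strlen(a), 0 },
    { 0, b, (uint32_t)sizeof b, (uint32_t)strlen(b), 0 },
  };
  char o1[8], o2[8];
  pn_raw_buffer_t dst[2] = {
    { 0, o1, (uint32_t)sizeof o1, 0, 0 },
    { 0, o2, (uint32_t)sizeof o2, 0, 0 },
  };
  *moved = rawbuf_transfer(src, 2, dst, 2);
  *left = rawbuf_pending(src, 2);
}

size_t demo_moved(void)   { size_t m, l; run_demo(&m, &l); return m; }  /* 16 */
size_t demo_pending(void) { size_t m, l; run_demo(&m, &l); return l; }  /* 5 */

int main(void)
{
  printf("moved %zu bytes, %zu still queued\n", demo_moved(), demo_pending());
  return 0;
}
```

The point of the bounded loop is that the caller, not the transfer routine, decides when to supply more destination buffers: the source array keeps its unconsumed tail, so a second call with fresh capacity picks up exactly where the first stopped, and moved plus pending always equals what was originally queued.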
