Cliff Jansen resolved PROTON-697.
       Resolution: Fixed
    Fix Version/s: 0.9

Completed except:

Session resume.  Server side should just work as is (but not tested), client 
side needs to provide and track session IDs to reuse the saved credential.

Arbitrary system/registry or pkcs12 file stores may now be used to provide 
trusted CAs if revocation list processing is not required.  This will work for 
most self-signed certificate scenarios.  If full revocation list processing is 
required to authenticate, Proton will fail the certification unless the root CA 
is also located in the system's official Trusted Root CA store.


Specifying alternate trusted CA certificates, or none at all, was not possible 
in Proton 0.8, but is now and follows the original conventions as for OpenSSL.  
In particular, in Proton 0.8, authentication followed defaults as would exist 
in a browser.  Now, in Proton 0.9, if no root CA database is specified, the 
server certificate will not be validated in any way.

To continue validating the server credential as in Proton 0.8, an application 
must now specify the trusted certificate database (just as it would for 
OpenSSL) using the pn_ssl_domain_set_trusted_ca_db() method, either using 
"sys:root" or another trusted CA database.

> SChannel SSL/TLS support for Proton-c on Windows
> ------------------------------------------------
>                 Key: PROTON-697
>                 URL: https://issues.apache.org/jira/browse/PROTON-697
>             Project: Qpid Proton
>          Issue Type: Improvement
>          Components: proton-c
>    Affects Versions: 0.8
>         Environment: Windows
>            Reporter: Cliff Jansen
>            Assignee: Cliff Jansen
>             Fix For: 0.9
> This JIRA tracks the progress of completing SChannel functionality in Proton 
> beyond the start in PROTON-581.  The target is Proton 0.9.
> This includes support for
>   incoming connections
>   client side certificates
>   Windows registry and file based certificate stores
>   Control over certificate name checking

This message was sent by Atlassian JIRA
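
As an added example (not code from the Proton project or from this message), one way a client could follow the advice above and refuse to run without a trust store. The helper name make_verified_client_domain and the HAVE_PROTON build macro are assumptions; the stand-in declarations exist only so the file compiles without Proton installed.

```c
/* Added example: build a client TLS domain that fails closed. */
#include <stddef.h>
#include <string.h>

#ifdef HAVE_PROTON   /* assumption: set by your build when Proton is installed */
#include <proton/ssl.h>
#else
/* Constructed stand-ins mirroring the proton/ssl.h declarations so this file
 * compiles offline; they only record what was configured. */
typedef enum { PN_SSL_MODE_CLIENT = 1, PN_SSL_MODE_SERVER } pn_ssl_mode_t;
typedef enum { PN_SSL_VERIFY_NULL = 0, PN_SSL_VERIFY_PEER,
               PN_SSL_ANONYMOUS_PEER, PN_SSL_VERIFY_PEER_NAME } pn_ssl_verify_mode_t;
typedef struct pn_ssl_domain_t { char ca_db[64]; int verify; } pn_ssl_domain_t;
static pn_ssl_domain_t stub_domain;
static pn_ssl_domain_t *pn_ssl_domain(pn_ssl_mode_t mode) {
    (void)mode; memset(&stub_domain, 0, sizeof stub_domain); return &stub_domain;
}
static void pn_ssl_domain_free(pn_ssl_domain_t *d) { (void)d; }
static int pn_ssl_domain_set_trusted_ca_db(pn_ssl_domain_t *d, const char *db) {
    if (db == NULL || strlen(db) >= sizeof d->ca_db) return -1;
    strcpy(d->ca_db, db); return 0;
}
static int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *d,
        const pn_ssl_verify_mode_t mode, const char *trusted_CAs) {
    (void)trusted_CAs; d->verify = (int)mode; return 0;
}
#endif

/* Hypothetical helper. ca_db is "sys:root" or another trusted CA database.
 * Returns NULL rather than a domain that would skip server validation. */
pn_ssl_domain_t *make_verified_client_domain(const char *ca_db) {
    if (ca_db == NULL || *ca_db == '\0')
        return NULL;   /* with no CA database, 0.9 validates nothing */
    pn_ssl_domain_t *dom = pn_ssl_domain(PN_SSL_MODE_CLIENT);
    if (dom == NULL)
        return NULL;
    if (pn_ssl_domain_set_trusted_ca_db(dom, ca_db) != 0 ||
        pn_ssl_domain_set_peer_authentication(dom, PN_SSL_VERIFY_PEER_NAME,
                                              NULL) != 0) {
        pn_ssl_domain_free(dom);   /* never return a half-configured domain */
        return NULL;
    }
    return dom;
}
```

When PN_SSL_VERIFY_PEER_NAME is used, the expected host name must also be set on each connection with pn_ssl_set_peer_hostname().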