I would like to highlight a functional change for Windows users now
that the SChannel based SSL processing can work the same as for
OpenSSL:


Important Windows SSL/TLS functionality change:

The Proton SSL/TLS module for 0.8 using the native Microsoft SChannel
libraries was not configurable and successful handshakes resulted
solely from having the appropriate CA certificate in the official
Windows Trusted Root CA store.  It is now possible to specify
alternate trusted root CA databases and to turn off certificate
checking altogether, using the same Proton API conventions as for
OpenSSL on Posix systems.

In particular, Proton applications in Windows will not check server
certificates at all in 0.9 unless the capability is explicitly enabled
using the pn_ssl_domain_set_trusted_ca_db() function.  To use the
system Trusted Root CA store:

  pn_ssl_domain_set_trusted_ca_db(d, "sys:root")

Or to use a file based PKCS#12 certificate store:

  pn_ssl_domain_set_trusted_ca_db(d, "mycerts.p12")


On Wed, Mar 25, 2015 at 8:25 AM, Ken Giusti <kgiu...@redhat.com> wrote:
> How about:
>
> "New Reactor API"
>
> I think that's a pretty big deal, no?  ;)
>
>
>
> ----- Original Message -----
>> From: "Rafael Schloming" <r...@alum.mit.edu>
>> To: proton@qpid.apache.org
>> Sent: Tuesday, March 24, 2015 3:16:52 PM
>> Subject: Items for the 0.9 Release notes/announcement
>>
>> I'm trying to put together a relatively complete set of changes and release
>> notes for 0.9. If there is any particular feature be it new or some
>> existing behaviour change that is worthy of being mentioned in the release
>> notes or release announcement, please follow up with a suitable blurb on
>> this thread.
>>
>> --Rafael
>>
>
> --
> -K

Reply via email to