Posted to proton@qpid.apache.org by "Cliff Jansen (JIRA)" <ji...@apache.org> on 2015/03/19 01:15:38 UTC

[jira] [Resolved] (PROTON-697) SChannel SSL/TLS support for Proton-c on Windows

     [ https://issues.apache.org/jira/browse/PROTON-697?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Cliff Jansen resolved PROTON-697.
---------------------------------
       Resolution: Fixed
    Fix Version/s: 0.9

Completed except:

Session resume.  Server side should just work as is (but not tested), client side needs to provide and track session IDs to reuse the saved credential.

Arbitrary system/registry or pkcs12 file stores may now be used to provide trusted CAs if revocation list processing is not required.  This will work for most self-signed certificate scenarios.  If full revocation list processing is required to authenticate, Proton will fail the certification unless the root CA is also located in the system's official Trusted Root CA store.

BEHAVIOR CHANGE:

Specifying alternate trusted CA certificates, or none at all, was not possible in Proton 0.8, but is now and follows the original conventions as for OpenSSL.  In particular, in Proton 0.8, authentication followed defaults as would exist in a browser.  Now, in Proton 0.9, if no root CA database is specified, the server certificate will not be validated in any way.

To continue validating the server credential as in Proton 0.8, an application must now specify the trusted certificate database (just as it would for OpenSSL) using the pn_ssl_domain_set_trusted_ca_db() method, either using "sys:root" or another trusted CA database.

> SChannel SSL/TLS support for Proton-c on Windows
> ------------------------------------------------
>
>                 Key: PROTON-697
>                 URL: https://issues.apache.org/jira/browse/PROTON-697
>             Project: Qpid Proton
>          Issue Type: Improvement
>          Components: proton-c
>    Affects Versions: 0.8
>         Environment: Windows
>            Reporter: Cliff Jansen
>            Assignee: Cliff Jansen
>             Fix For: 0.9
>
>
> This JIRA tracks the progress of completing SChannel functionality in Proton beyond the start in PROTON-581.  The target is Proton 0.9.
> This includes support for
>   incoming connections
>   client side certificates
>   Windows registry and file based certificate stores
>   Control over certificate name checking



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)