Allow CA certificates to be loaded from memory instead of file
#5.715 geöffnet am 14. Jan. 2026
Repository-Metriken
- Stars
- (4.712 Stars)
- PR-Merge-Metriken
- (PR-Metriken ausstehend)
Beschreibung
Describe the feature you'd like supported
When using the OpenSSL backend, it is possible to provide a custom CA certificate file. This is a very handy feature, but only allowing CA certificates to be loaded from a file can add complexity on some platforms and potential security issues. We would prefer to be able to pass a pointer to memory block instead, which can for example be some static memory inside the executable.
Proposed solution
Here is a suggested patch that adds a new flag to treat the existing CredConfig->CaCertificateFile as the content of a CA certificate instead of the path to a CA certificate file. Since this file contains plaintext, not binary data, it is safe to use a null-terminated C string here, and hence it is not required to extend the CredConfig structure.
I cannot and will not sign the Microsoft CLA to submit this feature as a PR, so feel free to use this patch as a starting point in whatever way you like.
Additional context
No response