microsoft/msquic

Allow CA certificates to be loaded from memory instead of file

Open

#5.715 geöffnet am 14. Jan. 2026

Auf GitHub ansehen
 (1 Kommentar) (0 Reaktionen) (1 zugewiesene Person)C (671 Forks)github user discovery
feature requesthelp wanted

Repository-Metriken

Stars
 (4.712 Stars)
PR-Merge-Metriken
 (PR-Metriken ausstehend)

Beschreibung

Describe the feature you'd like supported

When using the OpenSSL backend, it is possible to provide a custom CA certificate file. This is a very handy feature, but only allowing CA certificates to be loaded from a file can add complexity on some platforms and potential security issues. We would prefer to be able to pass a pointer to memory block instead, which can for example be some static memory inside the executable.

Proposed solution

Here is a suggested patch that adds a new flag to treat the existing CredConfig->CaCertificateFile as the content of a CA certificate instead of the path to a CA certificate file. Since this file contains plaintext, not binary data, it is safe to use a null-terminated C string here, and hence it is not required to extend the CredConfig structure.

I cannot and will not sign the Microsoft CLA to submit this feature as a PR, so feel free to use this patch as a starting point in whatever way you like.

memory-ca-file.patch

Additional context

No response

Contributor Guide