microsoft/msquic

Allow CA certificates to be loaded from memory instead of file

Open

#5715 aperta il 14 gen 2026

Vedi su GitHub
 (1 commento) (0 reazioni) (1 assegnatario)C (671 fork)github user discovery
feature requesthelp wanted

Metriche repository

Star
 (4712 star)
Metriche merge PR
 (Metriche PR in attesa)

Descrizione

Describe the feature you'd like supported

When using the OpenSSL backend, it is possible to provide a custom CA certificate file. This is a very handy feature, but only allowing CA certificates to be loaded from a file can add complexity on some platforms and potential security issues. We would prefer to be able to pass a pointer to memory block instead, which can for example be some static memory inside the executable.

Proposed solution

Here is a suggested patch that adds a new flag to treat the existing CredConfig->CaCertificateFile as the content of a CA certificate instead of the path to a CA certificate file. Since this file contains plaintext, not binary data, it is safe to use a null-terminated C string here, and hence it is not required to extend the CredConfig structure.

I cannot and will not sign the Microsoft CLA to submit this feature as a PR, so feel free to use this patch as a starting point in whatever way you like.

memory-ca-file.patch

Additional context

No response

Guida contributor