microsoft/msquic

Allow CA certificates to be loaded from memory instead of file

Open

#5,715 opened on Jan 14, 2026

View on GitHub
 (1 comment) (0 reactions) (1 assignee)C (671 forks)github user discovery
feature requesthelp wanted

Repository metrics

Stars
 (4,712 stars)
PR merge metrics
 (PR metrics pending)

Description

Describe the feature you'd like supported

When using the OpenSSL backend, it is possible to provide a custom CA certificate file. This is a very handy feature, but only allowing CA certificates to be loaded from a file can add complexity on some platforms and potential security issues. We would prefer to be able to pass a pointer to memory block instead, which can for example be some static memory inside the executable.

Proposed solution

Here is a suggested patch that adds a new flag to treat the existing CredConfig->CaCertificateFile as the content of a CA certificate instead of the path to a CA certificate file. Since this file contains plaintext, not binary data, it is safe to use a null-terminated C string here, and hence it is not required to extend the CredConfig structure.

I cannot and will not sign the Microsoft CLA to submit this feature as a PR, so feel free to use this patch as a starting point in whatever way you like.

memory-ca-file.patch

Additional context

No response

Contributor guide