Allow CA certificates to be loaded from memory instead of file
#5,715 opened on Jan 14, 2026
Repository metrics
- Stars
- (4,712 stars)
- PR merge metrics
- (PR metrics pending)
Description
Describe the feature you'd like supported
When using the OpenSSL backend, it is possible to provide a custom CA certificate file. This is a very handy feature, but only allowing CA certificates to be loaded from a file can add complexity on some platforms and potential security issues. We would prefer to be able to pass a pointer to memory block instead, which can for example be some static memory inside the executable.
Proposed solution
Here is a suggested patch that adds a new flag to treat the existing CredConfig->CaCertificateFile as the content of a CA certificate instead of the path to a CA certificate file. Since this file contains plaintext, not binary data, it is safe to use a null-terminated C string here, and hence it is not required to extend the CredConfig structure.
I cannot and will not sign the Microsoft CLA to submit this feature as a PR, so feel free to use this patch as a starting point in whatever way you like.
Additional context
No response