microsoft/msquic

Allow CA certificates to be loaded from memory instead of file

Open

#5,715 建立於 2026年1月14日

在 GitHub 查看
 (1 留言) (0 反應) (1 負責人)C (671 fork)github user discovery
feature requesthelp wanted

倉庫指標

Star
 (4,712 star)
PR 合併指標
 (PR 指標待抓取)

描述

Describe the feature you'd like supported

When using the OpenSSL backend, it is possible to provide a custom CA certificate file. This is a very handy feature, but only allowing CA certificates to be loaded from a file can add complexity on some platforms and potential security issues. We would prefer to be able to pass a pointer to memory block instead, which can for example be some static memory inside the executable.

Proposed solution

Here is a suggested patch that adds a new flag to treat the existing CredConfig->CaCertificateFile as the content of a CA certificate instead of the path to a CA certificate file. Since this file contains plaintext, not binary data, it is safe to use a null-terminated C string here, and hence it is not required to extend the CredConfig structure.

I cannot and will not sign the Microsoft CLA to submit this feature as a PR, so feel free to use this patch as a starting point in whatever way you like.

memory-ca-file.patch

Additional context

No response

貢獻者指南