
Allow CA certificates to be loaded from memory instead of file #5715

@j-schultz

Description


Describe the feature you'd like supported

When using the OpenSSL backend, it is possible to provide a custom CA certificate file. This is a very handy feature, but only allowing CA certificates to be loaded from a file can add complexity on some platforms and potential security issues. We would prefer to be able to pass a pointer to a memory block instead, which can for example be some static memory inside the executable.

Proposed solution

Here is a suggested patch that adds a new flag to treat the existing CredConfig->CaCertificateFile as the content of a CA certificate instead of the path to a CA certificate file. Since this file contains plaintext, not binary data, it is safe to use a null-terminated C string here, and hence it is not required to extend the CredConfig structure.

I cannot and will not sign the Microsoft CLA to submit this feature as a PR, so feel free to use this patch as a starting point in whatever way you like.

memory-ca-file.patch

Additional context

No response
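Added example, not the reporter's patch and not msquic code: the work a backend has to do with a CA bundle supplied as a NUL-terminated PEM string before it can hand each certificate to OpenSSL. It is written without OpenSSL so it runs stand-alone: it rejects an embedded NUL (which a C-string reader would silently truncate on), splits on the PEM armor, base64-decodes each block and checks that the result is a single DER SEQUENCE. The "certificates" in it are constructed DER SEQUENCEs, not real X.509 data, and `pem_bundle_count` is a hypothetical helper name.

```c
/* Added example (not msquic code, not the reporter's patch). Splits an
 * in-memory PEM CA bundle into DER blocks and validates each one, the
 * step that precedes handing certificates to OpenSSL. No OpenSSL needed. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Constructed sample: two blocks, each SEQUENCE { INTEGER n }, not real certs. */
static const char SAMPLE_BUNDLE[] =
    "-----BEGIN CERTIFICATE-----\n"
    "MAMCAQU=\n"                        /* 30 03 02 01 05 */
    "-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\n"
    "MAMCAQc=\n"                        /* 30 03 02 01 07 */
    "-----END CERTIFICATE-----\n";

/* Constructed: valid base64 that decodes to 00 00 00, not a DER SEQUENCE. */
static const char NOT_DER_BUNDLE[] =
    "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n";

/* Constructed: an embedded NUL between two blocks. A strlen()-based reader
 * sees only the first certificate; the second is dropped without any error. */
static const char NUL_BUNDLE[] =
    "-----BEGIN CERTIFICATE-----\nMAMCAQU=\n-----END CERTIFICATE-----\n"
    "\0"
    "-----BEGIN CERTIFICATE-----\nMAMCAQc=\n-----END CERTIFICATE-----\n";

/* Bounded substring search (memmem is not standard C). */
static const char *find(const char *p, const char *end, const char *needle) {
    size_t nl = strlen(needle);
    while ((size_t)(end - p) >= nl) {
        if (memcmp(p, needle, nl) == 0) return p;
        p++;
    }
    return NULL;
}

static int b64_val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode base64 in [s, s+n), skipping line breaks, stopping at '='.
 * Returns the number of bytes written or -1 on bad input / overflow. */
static long b64_decode(const char *s, size_t n, unsigned char *out, size_t cap) {
    unsigned int acc = 0;
    int bits = 0;
    size_t olen = 0;
    for (size_t i = 0; i < n; i++) {
        int c = (unsigned char)s[i];
        if (c == '\n' || c == '\r' || c == ' ' || c == '\t') continue;
        if (c == '=') break;
        int v = b64_val(c);
        if (v < 0) return -1;               /* garbage inside the armor */
        acc = ((acc << 6) | (unsigned)v) & 0xfffff;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (olen == cap) return -1;     /* block larger than the caller's buffer */
            out[olen++] = (unsigned char)((acc >> bits) & 0xff);
        }
    }
    return (long)olen;
}

/* True if der[0..n) is exactly one DER SEQUENCE whose encoded length is n. */
static int der_is_sequence(const unsigned char *der, size_t n) {
    if (n < 2 || der[0] != 0x30) return 0;
    size_t hdr = 2, len;
    if (der[1] < 0x80) {
        len = der[1];
    } else {
        size_t nb = der[1] & 0x7f;
        if (nb == 0 || nb > 4 || n < 2 + nb) return 0;
        len = 0;
        for (size_t i = 0; i < nb; i++) len = (len << 8) | der[2 + i];
        hdr += nb;
    }
    return hdr + len == n;
}

/* Count the certificates in a PEM bundle held in memory. 'len' is the length
 * the caller actually owns, so an embedded NUL is reported instead of silently
 * truncating the bundle. Returns the count, or -1 if the bundle is malformed. */
int pem_bundle_count(const char *bundle, size_t len) {
    if (memchr(bundle, '\0', len) != NULL) return -1;
    const char *p = bundle, *end = bundle + len;
    int count = 0;
    for (;;) {
        const char *b = find(p, end, PEM_BEGIN);
        if (b == NULL) break;
        const char *data = b + strlen(PEM_BEGIN);
        const char *e = find(data, end, PEM_END);
        if (e == NULL) return -1;           /* BEGIN without a matching END */
        unsigned char der[4096];
        long n = b64_decode(data, (size_t)(e - data), der, sizeof der);
        if (n < 0 || !der_is_sequence(der, (size_t)n)) return -1;
        count++;                            /* a real backend would d2i_X509() here */
        p = e + strlen(PEM_END);
    }
    return count;
}

int main(void) {
    printf("sample: %d\n", pem_bundle_count(SAMPLE_BUNDLE, sizeof SAMPLE_BUNDLE - 1));
    printf("not DER: %d\n", pem_bundle_count(NOT_DER_BUNDLE, sizeof NOT_DER_BUNDLE - 1));
    printf("NUL, strlen: %d\n", pem_bundle_count(NUL_BUNDLE, strlen(NUL_BUNDLE)));
    printf("NUL, full: %d\n", pem_bundle_count(NUL_BUNDLE, sizeof NUL_BUNDLE - 1));
    return 0;
}
```

The `NUL_BUNDLE` case is the caveat behind "it is safe to use a null-terminated C string here": PEM is text, so a NUL is never legitimate, but if one slips into an embedded bundle a `strlen()`-based reader loads fewer roots than the build intended and reports success. Passing the real buffer length, as above, turns that into an error. With OpenSSL itself the same loop would be `BIO_new_mem_buf()` over the string, `PEM_read_bio_X509()` until it returns NULL, and `X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx), cert)` for each result.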

Metadata


Assignees

Labels

feature request (A request for new functionality); help wanted (This task will not be prioritized, but a contribution is welcome.)

Projects

Status

No status

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests
