Hi, I need to implement a patch against libcurl that makes it read the CA PEM data for CAINFO and ISSUERCERT from a memory buffer provided directly with curl_easy_setopt rather than providing it a file path.
Now I've figured out the trivial necessary changes to do that (basically create a BIO with BIO_new_mem_buf and then use PEM_read_bio_X509). However, I want to make sure my patch gets accepted upstream. We're linking against libcurl statically thanks to its BSD license, but we want to contribute to the open source cause and also have better maintainability (I hope merging/upgrading our then-to-be-vanilla libcurl within our source tree will be easier then).

My approach was to simply see if the provided buffer starts with "-----BEGIN CERTIFICATE-----" and then read the PEM data from the memory buffer instead of treating it as a file path. I would just like to check if such a dual-purpose / self-configuring API is fine with the upstream maintainers.

Note for the paranoid: We're not generating things on the fly or doing other bad things that violate proper crypto best-practices. We simply want to pin on a specific CA (run by us) due to the recent rogue or hacked CA debacles. Reading this CA cert from a memory buffer is a requirement for us, since it makes our cross-platform deployment _a lot_ easier.

A simple "yes, go with looking for that string and we'll accept upstream and write docs ourselves" would be most appreciated. ;)

Thanks,
Georg

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
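The dual-purpose check described in the message above, as an added example that is not part of the original post and is not libcurl code. The names `ca_source`, `count_pem_certs` and `classify_ca_value` are hypothetical, the sample certificate body is a constructed placeholder, and the design choice shown (once the marker is seen, damaged PEM is rejected instead of being retried as a file name) is an assumption of this sketch.

```c
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Hypothetical names for this example; none of them are libcurl identifiers. */
enum ca_source { CA_SRC_INVALID, CA_SRC_FILE_PATH, CA_SRC_PEM_BUFFER };

/* Constructed sample: placeholder body, not a real certificate. */
static const char SAMPLE_PEM[] =
  PEM_BEGIN "\nQ09OU1RSVUNURUQ=\n" PEM_END "\n";

/* Count well-formed BEGIN/END pairs; -1 for an unterminated block, a BEGIN
 * inside a block, or a stray END. Structure only, no X.509 parsing. */
int count_pem_certs(const char *buf)
{
  int n = 0;
  const char *p = buf;
  for(;;) {
    const char *b = strstr(p, PEM_BEGIN);
    const char *stray = strstr(p, PEM_END);
    if(!b)
      return stray ? -1 : n;
    if(stray && stray < b)
      return -1;
    const char *body = b + sizeof(PEM_BEGIN) - 1;
    const char *e = strstr(body, PEM_END);
    const char *b2 = strstr(body, PEM_BEGIN);
    if(!e || (b2 && b2 < e))
      return -1;
    n++;
    p = e + sizeof(PEM_END) - 1;
  }
}

enum ca_source classify_ca_value(const char *value)
{
  if(!value || !*value)
    return CA_SRC_INVALID;
  if(strncmp(value, PEM_BEGIN, sizeof(PEM_BEGIN) - 1) != 0)
    return CA_SRC_FILE_PATH;   /* no marker: existing file-path meaning */
  /* Marker seen: commit to the buffer reading and fail closed on damaged
   * PEM rather than falling back to opening the text as a file name. */
  return count_pem_certs(value) > 0 ? CA_SRC_PEM_BUFFER : CA_SRC_INVALID;
}

int main(void) { return classify_ca_value(SAMPLE_PEM) != CA_SRC_PEM_BUFFER; }
```

A value with anything before the marker, even one leading space, is classified as a file path, which is the ambiguity a self-configuring option has to document.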
