-----Original Message-----
From: Gilles Vollant [mailto:vollan...@gmail.com] 
Sent: Wednesday, 21 September 2016 09:08
To: 'Gilles Olivier Vollant'
Subject: RE: Using PKCS12 certificate from memory

I tried the "binary" option you suggested, and this does not perform well. Only 
the base64 option does the job.

In url.c (line 1917 in curl 7.50.3) the "case CURLOPT_SSLCERT" calls setstropt, 
which does a strdup.

Base64 is, perhaps, also easier for users of libcurl using languages other than 
C or C++ and a binding.

I think the maintainer of curl must choose between a base64 approach, with less 
modification to the curl code, or a binary approach, which needs modification 
to url.c (for example).

Regards
Gilles Vollant


---------- Forwarded message ----------
From: Daniel Stenberg <dan...@haxx.se>
Date: 2016-08-05 23:40 GMT+02:00
Subject: Re: Using PKCS12 certificate from memory
To: libcurl development <curl-library@cool.haxx.se>


On Fri, 5 Aug 2016, Gilles Vollant wrote:
> My suggestion: giving a way to use a certificate from a memory buffer in the 
> different SSL layers. I think "base64:*" as filename, like my darwinssl patch, 
> is the easiest way.

That's indeed perfectly possible but would still require users to have to 
base64 encode the cert for no good reason, only to have the library immediately 
decode it again. Maybe we could offer an alternative approach where we accept a 
struct like:

 struct cert {
   char magic[4];
   char *cert;
   size_t certlen;
 };

... and the magic struct member needs to contain a certain pattern for it to be 
valid so that libcurl can detect it being different than a path given to it. 
Like "\x01mem" or similar. We could even offer a macro/function that properly 
inits such a struct:

 /* MAGIC is the 4-byte marker, e.g. "\x01mem" as suggested above */
 #define curl_init_cert_struct(s, ptr, len) \
   do { \
     memcpy((s)->magic, MAGIC, 4); \
     (s)->cert = (ptr); \
     (s)->certlen = (len); \
   } while(0)

 /* s points to the initialized struct cert */
 curl_easy_setopt(handle, CURLOPT_SSLCERT, s);

... we could then possibly also re-use that magic struct approach for other 
options that take file names as input.

-- 

 / daniel.haxx.se
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:  https://curl.haxx.se/mail/etiquette.html
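
Added example, not part of either message and not libcurl code: a self-contained C sketch of the magic-struct detection proposed above, next to the strlen-based copy that a strdup-style setter performs on a raw binary pointer. The names CERT_MAGIC, struct stored, is_mem_cert and store_cert_option, and the sample bytes, are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CERT_MAGIC "\x01mem"  /* 4-byte pattern floated in the thread */
struct cert { char magic[4]; char *cert; size_t certlen; };
/* Hypothetical: what the library would keep after the setopt call. */
struct stored { unsigned char *data; size_t len; int from_memory; };
/* Constructed DER-like bytes with embedded 0x00; not a real PKCS#12 file. */
static unsigned char sample_p12[8] = { 0x30, 0x82, 0, 4, 2, 1, 3, 0 };

/* 1 if value points at a struct cert, 0 if it is a path string. strncmp
   stops at a NUL, so a path shorter than 4 bytes is not over-read; a path
   that itself begins with the magic bytes would be misdetected. */
static int is_mem_cert(const void *value)
{
  return value != NULL && strncmp((const char *)value, CERT_MAGIC, 4) == 0;
}

/* Copy by explicit length for a struct cert, by strlen (as a strdup-based
   setter does) for anything else. Returns 0 on success, -1 on error. */
static int store_cert_option(struct stored *out, const void *value)
{
  const struct cert *c = is_mem_cert(value) ? (const struct cert *)value : NULL;
  const void *src = c ? (const void *)c->cert : value;
  if(src == NULL)
    return -1;
  out->from_memory = (c != NULL);
  out->len = c ? c->certlen : strlen((const char *)value);
  out->data = malloc(out->len + 1);
  if(out->data == NULL)
    return -1;
  memcpy(out->data, src, out->len);
  out->data[out->len] = 0;
  return 0;
}

int main(void)
{
  struct cert c;
  struct stored blob, str;
  memcpy(c.magic, CERT_MAGIC, 4);
  c.cert = (char *)sample_p12;
  c.certlen = sizeof(sample_p12);
  if(store_cert_option(&blob, &c) || store_cert_option(&str, sample_p12))
    return 1;
  printf("via struct: %zu bytes, via raw pointer: %zu bytes\n", blob.len, str.len);
  return 0;
}
```

Passing the raw bytes as if they were a string keeps only the part before the first zero byte, while the struct route keeps the full buffer.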


