Hi, I have a question concerning the Mozilla CA Certificates bundle encoding and a proposal for supporting in-memory certificates.
On this page: https://curl.haxx.se/docs/caextract.html it is possible to download one of several PEM files containing the Mozilla CA Certificates bundle. In the current bundle, https://curl.haxx.se/ca/cacert-2018-03-07.pem two entries (lines 1171 and 2638 respectively) have comments that are in UTF-8, which I noticed today, pasted below for reference: 1171: NetLock Arany (Class Gold) Főtanúsítvány 2638: TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5 These are ignored [2], of course, but may cause problems in programs that wish to parse or store this PEM file in other formats. It is unclear / unspecified in [1] as to whether UTF-8 is acceptable. Should these be converted [via 'mk-ca-bundle'], ignored [leave the file as-is] or some other option? My second question is, would there be any interest in having an "in-memory" certificate option? I see an example [3] for OpenSSL, but am considering adding something like 'ssl_camem' in addition to 'ssl_cafile' and 'ssl_capath' [4], and the respective easy-opt flag, perhaps 'CURLOPT_CAMEM' to specify a char * pointing to in- memory contents of that CA file. The file could either be read into memory or compiled, e.g., the output of 'xxd -i'. If this may be of interest, let's discuss. ZV [1]: https://tools.ietf.org/html/rfc1421 [2]: https://tools.ietf.org/html/rfc7468 [3]: https://raw.githubusercontent.com/curl/curl/master/docs/exam ples/cacertinmem.c [4]: curl/lib/vtls/{mbedtls,openssl,polarssl,...}.c ------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html