Hi,

I have a question concerning the Mozilla CA Certificates bundle
encoding and a proposal for supporting in-memory certificates.

On this page:

    https://curl.haxx.se/docs/caextract.html

it is possible to download one of several PEM files containing
the Mozilla CA Certificates bundle. In the current bundle,

    https://curl.haxx.se/ca/cacert-2018-03-07.pem

two entries (lines 1171 and 2638 respectively) have comments that
are in UTF-8, which I noticed today, pasted below for reference:

    1171: NetLock Arany (Class Gold) Főtanúsítvány

    2638: TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5

These are ignored [2], of course, but may cause problems in
programs that wish to parse or store this PEM file in other
formats. It is unclear / unspecified in [1] as to whether UTF-8
is acceptable.

Should these be converted [via 'mk-ca-bundle'], ignored [leave
the file as-is] or some other option?

My second question is, would there be any interest in having an
"in-memory" certificate option? I see an example [3] for OpenSSL,
but am considering adding something like 'ssl_camem' in addition
to 'ssl_cafile' and 'ssl_capath' [4], and the respective easy-opt
flag, perhaps 'CURLOPT_CAMEM' to specify a char * pointing to
in-memory contents of that CA file.

The file could either be read into memory or compiled, e.g., the
output of 'xxd -i'. If this may be of interest, let's discuss.

ZV

[1]: https://tools.ietf.org/html/rfc1421
[2]: https://tools.ietf.org/html/rfc7468

[3]: https://raw.githubusercontent.com/curl/curl/master/docs/examples/cacertinmem.c

[4]: curl/lib/vtls/{mbedtls,openssl,polarssl,...}.c
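
Added example, not part of the original message and not curl or mk-ca-bundle code: a check for the first question that reports non-ASCII lines in a PEM bundle, says whether each sits in a comment or inside a BEGIN/END block, and shows one possible conversion (backslash-escaping comment text only). The function names, the sample bundle and its placeholder base64 bodies are constructed for illustration.

```python
import re

BEGIN = re.compile(rb"^-----BEGIN ([A-Z0-9 ]+)-----\s*$")
END = re.compile(rb"^-----END ([A-Z0-9 ]+)-----\s*$")

def classify(data: bytes):
    """Yield (line_no, inside_block, raw_line) for every line of the bundle."""
    label = None  # label of the PEM block we are currently inside, if any
    for line_no, raw in enumerate(data.split(b"\n"), start=1):
        begin, end = BEGIN.match(raw), END.match(raw)
        if label is None and begin:
            label = begin.group(1)
            yield line_no, True, raw
        elif label is not None and end and end.group(1) == label:
            label = None
            yield line_no, True, raw
        else:
            yield line_no, label is not None, raw

def find_non_ascii(data: bytes):
    """List (line_no, location, text) for each line holding non-ASCII bytes."""
    return [(n, "body" if inside else "comment", raw.decode("utf-8", "replace"))
            for n, inside, raw in classify(data) if not raw.isascii()]

def escape_comments(data: bytes) -> bytes:
    """Return an ASCII-only copy; lines inside PEM blocks are left byte-identical."""
    out = []
    for _, inside, raw in classify(data):
        if not inside and not raw.isascii():
            raw = raw.decode("utf-8", "replace").encode("ascii", "backslashreplace")
        out.append(raw)
    return b"\n".join(out)

# Constructed sample: the comment is from the message, the bodies are placeholders.
SAMPLE = (
    "NetLock Arany (Class Gold) Főtanúsítvány\n"
    "========================================\n"
    "-----BEGIN CERTIFICATE-----\n"
    "Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=\n"
    "-----END CERTIFICATE-----\n"
    "\n"
    "Example ASCII Root\n"
    "==================\n"
    "-----BEGIN CERTIFICATE-----\n"
    "Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=\n"
    "-----END CERTIFICATE-----\n"
).encode("utf-8")

if __name__ == "__main__":
    for line_no, where, text in find_non_ascii(SAMPLE):
        print(f"{line_no}: non-ASCII in {where}: {text}")
```

A finding located in "body" means the base64 payload itself is damaged, which is a different problem from a UTF-8 comment.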

