curl-library

P12 AND PEM DATA from MEMORY

From: mm.w <0xcafefeed_at_gmail.com>
Date: Sun, 29 Mar 2015 15:09:42 -0700

Dear List, I do know these questions over the years have been asked many
times; there are solutions; heavy ones; as it depends on the SSL backend
in use.

Trying to advocate again for these features; explaining the reasons:

impacting:

CURLOPT_CAINFO
CURLOPT_SSLCERT
CURLOPT_SSLKEY

I have a core-framework having a vault API similar to Apple's keychain;
keeping user-data for each domain protected, e.g. even password associated
to keys:

I have a core-network which is using lib curl for handling protocols
similar to NSConnection and the rest;

what's happening when building the request the net-lib will look up in the
user-vault for its credentials (if any) and set up the request with them;

BUT the only choice we have is to dump the data to a tmp file:

it's breaking by definition all the secure-design attempt and mostly
forcing to dump the data blindly each time; and then remove them; this
is an async api; could make many connections to same URI; a lot of waste of
tmp/remove sessions which can be caught at runtime; and a headache for the
secure cleaning (e.g. async you have to remember what you acquired on the
response callback)

SO these options could be added (1); making the life of many folks easier
which I think are in the same situation:

(1)

CURLOPT_CAINFO_DATA
CURLOPT_SSLCERT_DATA
CURLOPT_SSLKEY_DATA

and

CURLOPT_CAINFO
CURLOPT_SSLCERT
CURLOPT_SSLKEY

could be replaced by

CURLOPT_CAINFO_FP
CURLOPT_SSLCERT_FP
CURLOPT_SSLKEY_FP

where FP is not anymore a file-path but a file-descriptor; handling
unicode paths on windows would be solved.

Thank you; for reading me.

Best!

Received on 2015-03-30
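
The temp-file workaround the mail describes, written out as an added example (not code from the mail or from the curl project): the vault bytes go into an owner-only mkstemp file whose path is what CURLOPT_SSLKEY, CURLOPT_SSLCERT or CURLOPT_CAINFO would receive, and the completion callback has to wipe and unlink it. `struct tmp_cred`, `tmp_cred_create` and `tmp_cred_destroy` are hypothetical names, and the /tmp location is an assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical per-transfer record. An async caller must keep one of these
 * alive until the response callback fires, then destroy it. */
struct tmp_cred { char path[32]; size_t len; };

/* Write credential bytes to a fresh owner-only file. Returns 0 on success.
 * tc->path is then what CURLOPT_SSLKEY / CURLOPT_SSLCERT / CURLOPT_CAINFO
 * would be pointed at. */
int tmp_cred_create(struct tmp_cred *tc, const void *data, size_t len)
{
    const char *p = data;
    strcpy(tc->path, "/tmp/cred-XXXXXX");   /* assumed location */
    tc->len = len;
    int fd = mkstemp(tc->path);             /* exclusive create, random name */
    if (fd < 0) return -1;
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) goto fail;
    for (size_t left = len; left > 0; ) {
        ssize_t n = write(fd, p, left);
        if (n <= 0) goto fail;
        p += n; left -= (size_t)n;
    }
    if (close(fd) != 0) { fd = -1; goto fail; }
    return 0;
fail:
    if (fd >= 0) close(fd);
    unlink(tc->path);
    return -1;
}

/* Best-effort wipe, then unlink. Overwriting does not guarantee erasure on
 * journaling or copy-on-write filesystems or on flash storage. */
int tmp_cred_destroy(struct tmp_cred *tc)
{
    static const char zero[256];
    int fd = open(tc->path, O_WRONLY);
    for (size_t off = 0; fd >= 0 && off < tc->len; off += sizeof zero) {
        size_t n = tc->len - off < sizeof zero ? tc->len - off : sizeof zero;
        if (write(fd, zero, n) < 0) break;
    }
    if (fd >= 0) { fsync(fd); close(fd); }
    int rc = unlink(tc->path);
    memset(tc, 0, sizeof *tc);
    return rc;
}
```

Every concurrent transfer needs its own `struct tmp_cred`, which is the per-request bookkeeping the mail objects to.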