curl-library
P12 AND PEM DATA from MEMORY
Date: Sun, 29 Mar 2015 15:09:42 -0700
Dear List, I do know these questions over the years have been asked many
times; there are solutions; heavy ones; as it depends on the SSL backend
in use.
Trying to advocate again for these features; explaining the reasons:
impacting:
CURLOPT_CAINFO
CURLOPT_SSLCERT
CURLOPT_SSLKEY
I have a core-framework having a vault API similar to Apple's keychain;
keeping user data for each domain protected, e.g. even passwords associated
with keys.
I have a core-network which is using libcurl for handling protocols,
similar to NSConnection and the rest;
what's happening: when building the request, the net-lib will look up in the
user vault for its credentials (if any) and set up the request with them;
BUT the only choice we have is to dump the data to a tmp file:
it breaks by definition the whole secure-design attempt, and mostly
forces us to dump the data blindly each time and then remove it; this
is an async API; it could make many connections to the same URI; a lot of
wasted tmp/remove sessions which can be caught at runtime; and a headache
for the secure cleaning (e.g. async: you have to remember what you acquired
on the response callback)
SO these options could be added (1), making life easier for many folks
who I think are in the same situation:
(1)
CURLOPT_CAINFO_DATA
CURLOPT_SSLCERT_DATA
CURLOPT_SSLKEY_DATA
and
CURLOPT_CAINFO
CURLOPT_SSLCERT
CURLOPT_SSLKEY
could be replaced by
CURLOPT_CAINFO_FP
CURLOPT_SSLCERT_FP
CURLOPT_SSLKEY_FP
where FP is no longer a file path but a file descriptor; handling
Unicode paths on Windows would be solved.
Thank you for reading.
Best!
Received on 2015-03-30
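
The temp-file workaround this message describes, written out as an added example (not part of the original post and not curl code): the credential is staged in an owner-only file whose path would then be passed to CURLOPT_SSLCERT or CURLOPT_SSLKEY, and it is scrubbed and unlinked once the transfer completes. The function names, the /tmp path and the sample data are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed placeholder standing in for PEM data fetched from the vault. */
static const char SAMPLE_PEM[] = "-----BEGIN PLACEHOLDER-----\nAAAA\n";

/* Write a credential to a fresh owner-only temp file. path_tmpl must end in
 * "XXXXXX" and receives the final name. Returns 0, or -1 with nothing left. */
int stage_credential(const void *data, size_t len, char *path_tmpl)
{
    mode_t old = umask(077);      /* never group/other readable, even briefly */
    int fd = mkstemp(path_tmpl);  /* exclusive create, unpredictable name */
    umask(old);
    if (fd < 0) return -1;
    const unsigned char *p = data;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) break;
        p += n;
        len -= (size_t)n;
    }
    if (close(fd) == 0 && len == 0) return 0;
    unlink(path_tmpl);            /* do not leave a partial key behind */
    return -1;
}

/* Best-effort scrub, then unlink. Overwriting is not guaranteed to erase the
 * data on journaling or copy-on-write filesystems or on flash storage. */
int unstage_credential(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_NOFOLLOW);
    if (fd >= 0 && fstat(fd, &st) == 0) {
        static const unsigned char zeros[512];
        for (off_t left = st.st_size; left > 0; ) {
            size_t chunk = left > (off_t)sizeof zeros ? sizeof zeros : (size_t)left;
            ssize_t n = write(fd, zeros, chunk);
            if (n <= 0) break;
            left -= n;
        }
        fsync(fd);
    }
    if (fd >= 0) close(fd);
    return unlink(path);
}
```

In an asynchronous client, each staged path has to be stored with its transfer so the completion callback can call `unstage_credential` on it, which is the bookkeeping the message objects to.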