curl-library
RE: Using PKCS12 certificate from memory
Date: Wed, 21 Sep 2016 09:08:25 +0200
-----Message d'origine-----
De : Gilles Vollant [mailto:vollant.g_at_gmail.com]
Envoyé : mercredi 21 septembre 2016 09:08
À : 'Gilles Olivier Vollant'
Objet : RE: Using PKCS12 certificate from memory
I tried the "binary" option you suggested, and this not perform well. Only the base64 option does the job.
On url.c (line 1917 on curl 7.50.3) the "case CURLOPT_SSLCERT" call setstropt which does a strdup.
Base64 is, pehaps, also more easy for user of libcurl using other langage than C or C++ and binding.
I think the maintainer of curl must choose between a base64 approach, with less modification on curl code, or a binary approach, which need modification on url.c (by example)
Regards
Gilles Vollant
---------- Forwarded message ----------
From: Daniel Stenberg <daniel_at_haxx.se>
Date: 2016-08-05 23:40 GMT+02:00
Subject: Re: Using PKCS12 certificate from memory
To: libcurl development <curl-library_at_cool.haxx.se>
On Fri, 5 Aug 2016, Gilles Vollant wrote:
My suggestion : giving a way to use a certificate from memory buffer in the different SSL layer. I think "base64:*" as filename, like my darwinssl patch is the more easy way.
That's indeed perfectly possible but would still require users to have to base64 encode the cert for no good reason, only to have the library immediately decode it again. Maybe we could offer an alternative approach where we accept a struct like :
struct cert {
char magic[4];
char *cert;
size_t certlen;
};
... and the magic struct member needs to contain a certain pattern for it to be valid so that libcurl can detect it being different than a path given to it. Like "\x01mem" or similar. We could even offer a macro/function that properly inits such a struct:
#define curl_init_cert_struct(struct, ptr, len) \
do { \
memcpy(struct->magic, MAGIC, 4); \
struct->cert = ptr; \
struct->certlen = len; \
} while(0)
curl_easy_setopt(handle, CURLOPT_SSL_CERT, struct);
... we could then possibly also re-use that magic struct approach for other options that take file names as input.
-- / daniel.haxx.se ------------------------------------------------------------------- List admin: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html ------------------------------------------------------------------- List admin: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2016-09-21