curl / Mailing Lists / curl-library / Single Mail


Mozilla CA Certificates, UTF-8

From: Zach van Rijn <>
Date: Wed, 16 May 2018 10:52:27 -0400


I have a question concerning the Mozilla CA Certificates bundle
encoding and a proposal for supporting in-memory certificates.

On this page:

it is possible to download one of several PEM files containing
the Mozilla CA Certificates bundle. In the current bundle,

two entries (lines 1171 and 2638 respectively) have comments that
are in UTF-8, which I noticed today, pasted below for reference:

    1171: NetLock Arany (Class Gold) Főtanúsítvány

    2638: TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5

These are ignored [2], of course, but may cause problems in
programs that wish to parse or store this PEM file in other
formats. It is unclear / unspecified in [1] as to whether UTF-8
is acceptable.

Should these be converted [via 'mk-ca-bundle'], ignored [leave
the file as-is] or some other option?

My second question is, would there be any interest in having an
"in-memory" certificate option? I see an example [3] for OpenSSL,
but am considering adding something like 'ssl_camem' in addition
to 'ssl_cafile' and 'ssl_capath' [4], and the respective easy-opt
flag, perhaps 'CURLOPT_CAMEM' to specify a char * pointing to in-
memory contents of that CA file.

The file could either be read into memory or compiled, e.g., the
output of 'xxd -i'. If this may be of interest, let's discuss.




[4]: curl/lib/vtls/{mbedtls,openssl,polarssl,...}.c

Received on 2018-05-16