Hi,

I have a question concerning the Mozilla CA Certificates bundle
encoding and a proposal for supporting in-memory certificates.

On this page:

    https://curl.haxx.se/docs/caextract.html

it is possible to download one of several PEM files containing
the Mozilla CA Certificates bundle. In the current bundle,

    https://curl.haxx.se/ca/cacert-2018-03-07.pem

two entries (lines 1171 and 2638 respectively) have comments that
are in UTF-8, which I noticed today, pasted below for reference:

    1171: NetLock Arany (Class Gold) Főtanúsítvány

    2638: TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5

These are ignored [2], of course, but may cause problems in
programs that wish to parse or store this PEM file in other
formats. It is unclear / unspecified in [1] as to whether UTF-8
is acceptable.

Should these be converted [via 'mk-ca-bundle'], ignored [leave
the file as-is] or some other option?

My second question is, would there be any interest in having an
"in-memory" certificate option? I see an example [3] for OpenSSL,
but am considering adding something like 'ssl_camem' in addition
to 'ssl_cafile' and 'ssl_capath' [4], and the respective easy-opt
flag, perhaps 'CURLOPT_CAMEM' to specify a char * pointing to in-
memory contents of that CA file.

The file could either be read into memory or compiled, e.g., the
output of 'xxd -i'. If this may be of interest, let's discuss.

ZV

[1]: https://tools.ietf.org/html/rfc1421
[2]: https://tools.ietf.org/html/rfc7468

[3]: https://raw.githubusercontent.com/curl/curl/master/docs/exam
ples/cacertinmem.c

[4]: curl/lib/vtls/{mbedtls,openssl,polarssl,...}.c

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2018-05-16