On 10/22/18 12:05 PM, Petr Pisar via curl-library wrote:

> Actually would be possible to allow an application to supply an
> allocator and deallocator callbacks to libcurl via an option? This way
> the application could control the sensitive data storage. E.g. by
> allocating a memory from core-locked (non-swappable) region. It could
> also scrub the data from the memory instead of libcurl. The callback
> could also be used by underlying crypto library for storing session keys
> etc. In other words the application would become responsible for the
> safety measures. libcurl would only use the callbacks instead of a
> native allocator (if provided).

Sure. I don't know why I forgot about that option. I like that way and
think that's the way to go.

--
Gabriel

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html