
curl-library

Re: Using PKCS12 certificate from memory

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 5 Aug 2016 23:40:54 +0200 (CEST)

On Fri, 5 Aug 2016, Gilles Vollant wrote:

> My suggestion: giving a way to use a certificate from a memory buffer in the
> different SSL layers. I think "base64:*" as filename, like my darwinssl patch,
> is the easier way.

That's indeed perfectly possible but would still require users to have to
base64 encode the cert for no good reason, only to have the library
immediately decode it again. Maybe we could offer an alternative approach
where we accept a struct like:

  struct cert {
    char magic[4];
    char *cert;
    size_t certlen;
  };

... and the magic struct member needs to contain a certain pattern for it to
be valid so that libcurl can detect it being different than a path given to
it. Like "\x01mem" or similar. We could even offer a macro/function that
properly inits such a struct:

  /* c is a pointer to a struct cert; MAGIC is the 4-byte pattern */
  #define curl_init_cert_struct(c, ptr, len) \
   do { \
     memcpy((c)->magic, MAGIC, 4); \
     (c)->cert = (ptr); \
     (c)->certlen = (len); \
   } while(0)

curl_easy_setopt(handle, CURLOPT_SSL_CERT, struct);

... we could then possibly also re-use that magic struct approach for other
options that take file names as input.

-- 
  / daniel.haxx.se
Received on 2016-08-05
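
The magic-tagged struct idea from the message above, seen from the receiving side, as an added example (not code from the mail or from libcurl). The `memcert` names are hypothetical; the magic is the "\x01mem" pattern the mail suggests.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names throughout: a sketch of the proposal, not a libcurl API.
   The magic value is the "\x01mem" pattern suggested in the mail. */
#define MEMCERT_MAGIC "\x01mem"
#define MEMCERT_MAGIC_LEN 4

struct memcert {
  char magic[MEMCERT_MAGIC_LEN]; /* first member: inspected before anything else */
  const char *cert;              /* certificate bytes (e.g. PKCS#12), not copied */
  size_t certlen;
};

/* Caller side: tag the struct so the receiver can recognise it. */
static void memcert_init(struct memcert *mc, const char *ptr, size_t len)
{
  memcpy(mc->magic, MEMCERT_MAGIC, MEMCERT_MAGIC_LEN);
  mc->cert = ptr;
  mc->certlen = len;
}

/* Receiver side: 'arg' is either a NUL-terminated path or a struct memcert.
   strncmp() stops comparing at the first NUL, so a path shorter than the
   magic is never compared past its terminator; memcmp() over 4 bytes would
   read beyond the end of a path such as "a". */
static int is_memcert(const void *arg)
{
  return arg != NULL &&
         strncmp((const char *)arg, MEMCERT_MAGIC, MEMCERT_MAGIC_LEN) == 0;
}

/* Returns the blob and stores its length for a tagged struct; returns NULL
   when the argument is a file name or the struct carries no usable data.
   The struct fields are only dereferenced after the magic check passed. */
static const char *memcert_blob(const void *arg, size_t *len)
{
  const struct memcert *mc = arg;
  if(!is_memcert(arg) || !mc->cert || mc->certlen == 0)
    return NULL;
  *len = mc->certlen;
  return mc->cert;
}
```

A file name whose first four bytes happen to equal the magic would be taken for a struct, which is the inherent cost of signalling the argument type in-band through the same pointer.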