Support in-memory certificate stores #4951

@Myriachan

Describe the feature you'd like supported

I've been evaluating MsQuic and haven't used it, but already see a problem that would complicate usage: there isn't a way to use a certificate store that is in-memory. Custom certificate stores must be in a disk file. There are use cases where this is a problem.

Proposed solution

Both SChannel and OpenSSL can support this. See libcurl code:

SChannel: https://github.com/curl/curl/blob/0c20e9bf1a5cc7318f85e70212505856bb5f0e72/lib/vtls/schannel_verify.c#L122
OpenSSL: https://github.com/curl/curl/blob/0c20e9bf1a5cc7318f85e70212505856bb5f0e72/lib/vtls/openssl.c#L3021

I think this can already be done manually in SChannel using QUIC_CREDENTIAL_CONFIG::CertificateContext essentially the same way that libcurl does it.

Additional context

No response
