Loading certificates from memory instead of file path
Is there any reason there isn't a way to load certs from memory? It seems mosquitto_tls_set only takes file paths. If I wanted to store private keys encrypted on storage, I can't decrypt in memory and use with mosquitto, I'd have to store them unencrypted.
Is it possible to get some movement on this enhancement?
This is practical for clients, especially on Windows.
@ralight Hi,
libmosq_EXPORT int mosquitto_tls_set(struct mosquitto *mosq,
        const char *cafile, const char *capath,
        const char *certfile, const char *keyfile,
        int (*pw_callback)(char *buf, int size, int rwflag, void *userdata));
Storing private keys and certificates on disk rather than in RAM is dangerous on clients, especially on Windows, but if the private keys are encrypted, it will be safe for them to be public for everyone, right?
Yes, I think if encrypted on disk with the client app being able to load it into memory and decrypt and pass the bytes into mosquitto it would be more secure and more robust.
Any update on this? Would be great to have. Allows for better management of a device instance if not tied to the file system.
My approach is to decrypt, start, and then delete.
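
Added example, not from the thread participants or the mosquitto project: the pw_callback parameter in the prototype quoted above lets the key file stay passphrase-encrypted on disk, with the passphrase supplied from memory. The holder functions set_key_passphrase and clear_key_passphrase, and where the passphrase comes from, are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical in-memory holder (not part of libmosquitto). The application
 * fills it at startup, e.g. from an OS keystore or a user prompt. */
static char g_passphrase[128];
static size_t g_passphrase_len;

/* Wipe through a volatile pointer so the stores are not optimised away. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Store the passphrase; returns 0 on success, -1 if empty or too long. */
int set_key_passphrase(const char *pass)
{
    size_t n = pass ? strlen(pass) : 0;
    if (n == 0 || n >= sizeof g_passphrase) return -1;
    memcpy(g_passphrase, pass, n + 1);
    g_passphrase_len = n;
    return 0;
}

/* Wipe the passphrase when the application no longer needs it. */
void clear_key_passphrase(void)
{
    secure_wipe(g_passphrase, sizeof g_passphrase);
    g_passphrase_len = 0;
}

/* Same signature as the pw_callback parameter of mosquitto_tls_set().
 * Writes the passphrase into buf and returns its length. Returns -1 when no
 * passphrase is set or it does not fit, so the key load fails instead of
 * silently using a truncated passphrase. */
int key_pw_callback(char *buf, int size, int rwflag, void *userdata)
{
    (void)rwflag;
    (void)userdata;
    if (!buf || size <= 0 || g_passphrase_len == 0) return -1;
    if (g_passphrase_len >= (size_t)size) return -1; /* refuse to truncate */
    memcpy(buf, g_passphrase, g_passphrase_len + 1);
    return (int)g_passphrase_len;
}
```

Pass it as the last argument, mosquitto_tls_set(mosq, cafile, NULL, certfile, keyfile, key_pw_callback), where keyfile is a passphrase-encrypted PEM file.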