msquic icon indicating copy to clipboard operation
msquic copied to clipboard
verified publisher icon microsoft

Support in-memory certificate stores

Open Myriachan opened this issue 8 months ago • 1 comments

Describe the feature you'd like supported

I've been evaluating MsQuic and haven't used it, but already see a problem that would complicate usage: there isn't a way to use a certificate store that is in-memory. Custom certificate stores must be in a disk file. There are use cases where this is a problem.

Proposed solution

Both SChannel and OpenSSL can support this. See libcurl code:

SChannel: https://github.com/curl/curl/blob/0c20e9bf1a5cc7318f85e70212505856bb5f0e72/lib/vtls/schannel_verify.c#L122 OpenSSL: https://github.com/curl/curl/blob/0c20e9bf1a5cc7318f85e70212505856bb5f0e72/lib/vtls/openssl.c#L3021

I think this can already be done manually in SChannel using QUIC_CREDENTIAL_CONFIG::CertificateContext essentially the same way that libcurl does it.

Additional context

No response

Myriachan avatar Mar 27 '25 01:03 Myriachan

Thanks for filling this. It is unlikely we have time to work on this in the close future, if you want to open a PR, a contribution would be welcome!

guhetier avatar Oct 21 '25 18:10 guhetier