uWebSockets icon indicating copy to clipboard operation
uWebSockets copied to clipboard
verified publisher icon uNetworking

SSL App provide cert and key from memory

Open dzonerzy opened this issue 2 years ago • 6 comments

Instead of having cert and key on disk is it possible to provide them from memory?

dzonerzy avatar Feb 10 '23 15:02 dzonerzy

Not right now but you can place files on a ramdisk /tmp usually is

uNetworkingAB avatar Feb 10 '23 19:02 uNetworkingAB

Actually I'm using uWebsockets on Windows and I need to ship a single executable

dzonerzy avatar Feb 10 '23 19:02 dzonerzy

But the same idea is still valid - just copy out the file as a temporary file with GetTempPath and load it.

uNetworkingAB avatar Feb 10 '23 19:02 uNetworkingAB

In my local fork, I've implemented this support for OpenSSL. Is this a feature you are open to me up-streaming?

My current implementation extends SocketContextOptions to have key_pem_contents, key_pem_length, cert_contents, and cert_length, then uses SSL_CTX_use_certificate and SSL_CTX_use_RSAPrivateKey under the hood.

I assume that there would also be some changes for boringssl, but I haven't looked.

kylepl avatar Mar 09 '23 23:03 kylepl

Should be the same for boringssl, feel free to PR it in usockets but I need to look at it

uNetworkingAB avatar Apr 07 '23 15:04 uNetworkingAB

Just a follow-up, that it turned out my implementation was not quite correct (it was only reading the leaf certificate, not the chain), and I've switched away from an implementation that comes from memory - thus I don't plan to proceed with putting out a PR.

kylepl avatar May 17 '23 03:05 kylepl