Support in-memory certificate stores #4951

Open
@Myriachan

Describe the feature you'd like supported

I've been evaluating MsQuic and haven't used it, but already see a problem that would complicate usage: there isn't a way to use a certificate store that is in-memory. Custom certificate stores must be in a disk file. There are use cases where this is a problem.

Proposed solution

Both SChannel and OpenSSL can support this. See libcurl code:

SChannel: https://github.com/curl/curl/blob/0c20e9bf1a5cc7318f85e70212505856bb5f0e72/lib/vtls/schannel_verify.c#L122
OpenSSL: https://github.com/curl/curl/blob/0c20e9bf1a5cc7318f85e70212505856bb5f0e72/lib/vtls/openssl.c#L3021

I think this can already be done manually in SChannel using QUIC_CREDENTIAL_CONFIG::CertificateContext essentially the same way that libcurl does it.

Additional context

No response

Labels: Area: API; Area: Core (Related to the shared, core protocol logic); external (Proposed by non-MSFT); feature request (A request for new functionality)