TODO: Reduce CA certificate bundle reparsing

By adding some sort of cache.

Reported-by: Michael Drake
Closes #9379
Closes #9538

docs/TODO

@@ -120,6 +120,7 @@
  13.9 TLS record padding
  13.10 Support Authority Information Access certificate extension (AIA)
  13.11 Support intermediate & root pinning for PINNEDPUBLICKEY
+ 13.12 Reduce CA certificate bundle reparsing
  13.13 Make sure we forbid TLS 1.3 post-handshake authentication
  13.14 Support the clienthello extension
 
@@ -844,6 +845,15 @@
  Adding this feature would make curls pinning 100% compatible to HPKP and
  allow more flexible pinning.
 
+13.12 Reduce CA certificate bundle reparsing
+
+ When using the OpenSSL backend, curl will load and reparse the CA bundle at
+ the creation of the "SSL context" when it sets up a connection to do a TLS
+ handshake. A more effective way would be to somehow cache the CA bundle to
+ avoid it having to be repeatedly reloaded and reparsed.
+
+ See https://github.com/curl/curl/issues/9379
+
 13.13 Make sure we forbid TLS 1.3 post-handshake authentication
 
  RFC 8740 explains how using HTTP/2 must forbid the use of TLS 1.3