cURL / Mailing Lists / curl-users / Single Mail

curl-users

Howto use PKCS11 engine with curl (command line)

From: Erwan Loaëc <erwan.loaec_at_cgin.fr>
Date: Thu, 04 Feb 2010 11:56:11 +0100

Hello everybody,

I'm trying to use curl for accessing SSL page using client certificate
stored on smartcard. But here is the result obtained :

$> curl --engine list
Build-time engines:
   padlock
   dynamic

Obviously, the following does not work..

$> curl --engine pkcs11 https://toto.com
curl: (53) SSL Engine 'pkcs11' not found

OpenSSL engines:
----------------

$> openssl engine -t
(padlock) VIA PadLock (no-RNG, no-ACE)
      [ unavailable ]
(dynamic) Dynamic engine loading support
      [ unavailable ]
(pkcs11) pkcs11 engine
      [ available ]

My openssl conf file contains the following:

===================================================
openssl_conf = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = /opt/opensc/lib/engines/engine_pkcs11.so
MODULE_PATH = /opt/opensc/lib/opensc-pkcs11.so
init = 0
===================================================
This works well using openssl CLI.

My curl version:
----------------

$> curl -V
curl 7.18.2 (i486-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8k
zlib/1.2.3.3 libidn/1.8 libssh2/0.18
Protocols: tftp ftp telnet dict http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

Is anyone can tell me how can I use pkcs11 with curl ??

Regards,

-- 
Erwan
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2010-02-04