curl-library

Re: How to use libcurl with Smart Card

From: Götz Babin-Ebell <babin-ebell_at_trustcenter.de>
Date: Tue, 11 Mar 2003 16:16:56 +0100

Hello,

Gioffredi, Pompea wrote:

> I have some questions about SSL connections:

> - I need to make an SSL connection with a certificate inside a Smart Card.
> Does anybody on the list know the way to resolve the problem with libcurl?

You need OpenSSL with crypto engine support.
That is:
openssl-engine-0.9.6i.tar.gz
or:
openssl-0.9.7a.tar.gz.

But with 0.9.7a you will have to fix the passphrase handling.
(OpenSSL 0.9.7 has a new "object": UI that handles user
  interface callbacks, meaning passphrase input.)
I have wanted to do this since at least July 2002... :-(

> - How can I select a Crypto Engine for asymmetric operations?
> (I don't know if the Default Crypto Engine works with private keys in Smart Cards)
What interface does the smart card have?
If the smart card has an interface implemented in OpenSSL,
you specify the interface (crypto engine) in curl with:

curl --engine <engine_name>

If the interface for the smart card is PKCS#11:
There are several patches for PKCS#11 with OpenSSL.

I had a look in two patches:
* the patch from Afchine Madjlessi at Bull
* the patch from Bernard Leach and Zoran Radenkovic at eracom.

Both needed some changes for our environment.
(Especially if you have more than one thread...)

> - If the Secure Server requires a "session key", how can I generate it with libcurl?
The session key is always generated in OpenSSL...

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

Received on 2003-03-11
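
The engine selection described in the mail above, as an added example that is not part of the original message: a shell wrapper that first checks that the named engine is compiled into the local curl/OpenSSL build, then lets the engine supply the private key. The engine name, key id, certificate path and URL are placeholders passed by the caller, and the parsing assumes `curl --engine list` prints a header line followed by one indented engine name per line.

```shell
#!/bin/sh
# Added example, not from the original mail. All argument values
# (engine name, key id, certificate path, URL) are caller-supplied placeholders.

# engine_listed ENGINE
# Reads `curl --engine list` output on stdin and succeeds only if ENGINE
# appears as an exact entry (no substring matches).
# Returns 0 = listed, 1 = not listed, 2 = engine name rejected.
engine_listed() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 2 ;;   # refuse empty or odd engine names
    esac
    awk -v want="$1" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim indentation
        ($0 "") == (want "") { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# engine_curl ENGINE KEY_ID CERT_FILE URL
# Fails early with status 3 when the engine is missing, instead of letting
# the TLS handshake fail later with a less obvious error.
engine_curl() {
    engine=$1; key_id=$2; cert=$3; url=$4
    if ! curl --engine list 2>/dev/null | engine_listed "$engine"; then
        echo "engine '$engine' is not available in this curl/OpenSSL build" >&2
        return 3
    fi
    # --key-type ENG tells curl that --key is an identifier resolved by the
    # engine, so the private key never has to exist as a file on disk.
    curl --engine "$engine" \
         --key-type ENG --key "$key_id" \
         --cert "$cert" \
         "$url"
}

# Run only when called as a script with all four arguments.
if [ "$#" -eq 4 ]; then
    engine_curl "$@"
fi
```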