curl-library
Patch to add CURLOPT_SSLENGINE_WITH_OPT for curl_easy_setopt
Date: Thu, 20 Sep 2012 14:31:08 -0400
The attached patch adds a new option for curl_easy_setopt:
CURLOPT_SSLENGINE_WITH_OPT. It'd be nice if this feature could be
merged into libcurl. It's a variation of CURLOPT_SSLENGINE that lets
you set the pre and post engine init commands to be passed to OpenSSL.
More info is available at:
http://www.openssl.org/docs/crypto/engine.html#Advanced_configuration_support
The patch was originally written for libcurl v7.22, but I've updated
the option ID to avoid conflicts and it applies & compiles against
v7.27.
Below is a simplified example of a program that uses the dynamic
engine to load a PKCS#11 based on the "Using Engine_pkcs11 with the
openssl command" example from:
http://www.opensc-project.org/engine_pkcs11/wiki/QuickStart
-Andrew Prout
----------------------
#include <curl/curl.h>

int main(void)
{
  CURL *ch = NULL;
  /* curl_sslengineinfo and CURLOPT_SSLENGINE_WITH_OPT come from the
     attached patch; they are not in stock libcurl */
  struct curl_sslengineinfo ei;
  /* pre-init commands for the OpenSSL "dynamic" engine */
  char *preopts[] = {
    "SO_PATH", "/usr/lib64/openssl/engines/engine_pkcs11.so",
    "ID", "pkcs11",
    "LIST_ADD", "1",
    "LOAD", NULL,
    "MODULE_PATH", "/path/to/my/pkcs11.so",
    NULL };
  /* ID field from PKCS#11 library, use pkcs11-tool to discover */
  char *CertID = "d3a805a58810fbe89ece27d9f5e3170e61eb3e2b";

  ei.enginename = "dynamic";
  ei.preopt = preopts;
  ei.postopt = NULL;

  curl_global_init(CURL_GLOBAL_ALL);
  ch = curl_easy_init();
  if(!ch)
    return 1;
  curl_easy_setopt(ch, CURLOPT_URL, "https://localhost/restricted");
  curl_easy_setopt(ch, CURLOPT_SSLENGINE_WITH_OPT, &ei);
  /* "ENG" tells libcurl to fetch the certificate and key via the engine */
  curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "ENG");
  curl_easy_setopt(ch, CURLOPT_SSLCERT, CertID);
  curl_easy_setopt(ch, CURLOPT_SSLKEYTYPE, "ENG");
  curl_easy_setopt(ch, CURLOPT_SSLKEY, CertID);
  curl_easy_perform(ch);

  curl_easy_cleanup(ch);
  curl_global_cleanup();
  return 0;
}
-------------------------------------------------------------------
- application/octet-stream attachment: ssl_engine_opt-v7.27.patch
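
Added example, not part of the original post or the attached patch: SO_PATH and MODULE_PATH name shared objects that are loaded into the process, so an application that builds a command list like the one above from configuration can vet it before passing it on. The function names, result codes, allow-listed commands and directories are assumptions made for this example, as is the pair layout with a NULL name as terminator.

```c
#include <stddef.h>
#include <string.h>

/* Result codes and function names are hypothetical (this example only). */
enum { CMDS_OK = 0, CMDS_UNKNOWN = -1, CMDS_MISSING_ARG = -2, CMDS_BAD_PATH = -3 };

/* Lexical check only: absolute, no "/.." or "//", and directly inside one of
   the allowed directories (each must end in '/'). Symlinks are not resolved. */
static int path_ok(const char *p, const char *const *dirs)
{
  size_t i;
  if(p[0] != '/' || strstr(p, "/..") || strstr(p, "//"))
    return 0;
  for(i = 0; dirs[i]; i++) {
    size_t n = strlen(dirs[i]);
    if(!strncmp(p, dirs[i], n) && p[n] != '\0' && !strchr(p + n, '/'))
      return 1;
  }
  return 0;
}

/* cmds: name/value pairs laid out as in the post; a NULL name ends the list.
   "LOAD" carries a NULL value, so a NULL value cannot be the terminator. */
int check_engine_cmds(const char *const *cmds, const char *const *dirs)
{
  size_t i;
  for(i = 0; cmds[i]; i += 2) {
    const char *name = cmds[i], *val = cmds[i + 1];
    int is_path = !strcmp(name, "SO_PATH") || !strcmp(name, "MODULE_PATH");
    if(!strcmp(name, "LOAD"))
      continue;                        /* no argument expected */
    if(!is_path && strcmp(name, "ID") && strcmp(name, "LIST_ADD"))
      return CMDS_UNKNOWN;             /* anything not allow-listed is refused */
    if(!val)
      return CMDS_MISSING_ARG;
    if(is_path && !path_ok(val, dirs)) /* these load code into the process */
      return CMDS_BAD_PATH;
  }
  return CMDS_OK;
}

int main(void)
{
  /* Constructed sample: the post's list and the directories it would need. */
  static const char *const cmds[] = {
    "SO_PATH", "/usr/lib64/openssl/engines/engine_pkcs11.so", "ID", "pkcs11",
    "LIST_ADD", "1", "LOAD", NULL, "MODULE_PATH", "/path/to/my/pkcs11.so", NULL };
  static const char *const dirs[] = {
    "/usr/lib64/openssl/engines/", "/path/to/my/", NULL };
  return check_engine_cmds(cmds, dirs) == CMDS_OK ? 0 : 1;
}
```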