cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: CURLOPT_SSLENGINE and nss

From: Oliver Graute <oliver.graute_at_gmail.com>
Date: Wed, 16 Mar 2016 11:34:58 +0100

On 15/03/16, Ray Satiro via curl-library wrote:
> On 3/15/2016 10:27 AM, Oliver Graute wrote:
> >Hello,
> >
> >i'am using libcurl/7.44.0 with NSS/3.21. How can I set the SSL Engine for nss?
> >
> >I allready found:
> >
> >curl_easy_setopt()
> >
> >But if i use it. I get:
> >
> >CURLOPT_SSLENGINE: 4 (CURLE_NOT_BUILT_IN)
> >
> > --> If support for the option was disabled at compile-time, it will
> >return CURLE_NOT_BUILT_IN.
> >
> >I 'am using the following configure options before compiling libcurl:
> >
> >--without-ssl and --with-nss
>
> That option only works if OpenSSL built with engine support is used
> as the SSL backend. I've added that to the documentation [1]. I'm
> not sure about using NSS and engines, and how that works with
> libcurl. If you explain what you're trying to do (like use a
> smartcard) maybe someone on the list who uses libcurl and NSS will
> be able to help.

thx for this Information and for the Documentation update.

our usecase is like this:

           uses PKCs#11
httpsclient ---> libcurl --> libnss -----> custom PKCS#11 provider --> Crypto implementation Provider (high security module)

so libcurl should use libnss to use the PKCs#11 Interface to a crypto interface.

Has anyone experience with a similar setup which uses libcurl,libnss
together with a security module?

Best Regards,

Oliver
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-03-16