cURL / Mailing Lists / curl-library / Single Mail


Re: Howto use libcurl with libnss and PKCS11 Interface to a Security Module?

From: Oliver Graute <>
Date: Tue, 22 Mar 2016 15:03:42 +0100

On 22/03/16, Kamil Dudka wrote:
> On Monday 21 March 2016 09:29:06 Oliver Graute wrote:
> > Hello list,
> >
> > we want to use libcurl and libnss together with a Security Module (SM).
> > Libnss should use the PKCS11 Interface to a crypto Interface of the SM.
> >
> > Is such a libnss setup possible with libcurl? If yes can someone explain
> > me what I need to do?
> I guess you need to add the module to /etc/pki/nssdb/pkcs11.txt but you will
> get a more precise answer on NSS-focused channels:

ok for SM integration its a nss related question. But how does the
libcurl libnss connection works?

First I would like to know how I can use nss from libcurl. I tried to
set the path to my nss certificate database in my httpclient code:

setenv("SSL_DIR", "/etc/nssdb", 1);
res = curl_easy_setopt(m_CURLCtx, CURLOPT_KEYPASSWD, "nss");

is this sufficient?

I also tried to use CURLOPT_SSL_engine

res = curl_easy_setopt(m_CURLCtx, CURLOPT_SSLENGINE, /etc/nssdb);

But I allready learned that this is not possible with libnss, only with openssl.

Best Regards,

List admin:
Received on 2016-03-22