curl-library
Re: Howto use libcurl with libnss and PKCS11 Interface to a Security Module?
Date: Wed, 23 Mar 2016 14:37 +0100
On Tuesday, March 22, 2016 15:03:42 Oliver Graute wrote:
> On 22/03/16, Kamil Dudka wrote:
> > On Monday 21 March 2016 09:29:06 Oliver Graute wrote:
> > > Hello list,
> > >
> > > we want to use libcurl and libnss together with a Security Module (SM).
> > > Libnss should use the PKCS11 Interface to a crypto Interface of the SM.
> > >
> > > Is such a libnss setup possible with libcurl? If yes can someone explain
> > > me what I need to do?
> >
> > I guess you need to add the module to /etc/pki/nssdb/pkcs11.txt but you
> > will
> > get a more precise answer on NSS-focused channels:
> ok for SM integration its a nss related question. But how does the
> libcurl libnss connection works?
>
> First I would like to know how I can use nss from libcurl. I tried to
> set the path to my nss certificate database in my httpclient code:
>
> setenv("SSL_DIR", "/etc/nssdb", 1);
> res = curl_easy_setopt(m_CURLCtx, CURLOPT_KEYPASSWD, "nss");
>
> is this sufficient?
Could be. I would suggest to also set CURLOPT_VERBOSE to 1L and attach
the verbose output if anything goes wrong.
> I also tried to use CURLOPT_SSL_engine
>
> res = curl_easy_setopt(m_CURLCtx, CURLOPT_SSLENGINE, /etc/nssdb);
>
> But I allready learned that this is not possible with libnss, only with
> openssl.
Exactly. CURLOPT_SSLENGINE will not work with nss.
Kamil
> Best Regards,
>
> Oliver
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-03-23