cURL / Mailing Lists / curl-library / Single Mail


libcurl, CACs, and SSL/TLS

From: Mckinney, Lee <>
Date: Wed, 4 May 2016 21:20:32 +0000

We have the following use case:

1. via libcurl, attempt SSL/TLS connection to a CAC-protected (PKI-enabled) server.
2. Receive server PKI challenge, asking for an appropriate certificate (likely X.509).
3. via libcurl (or libcurl + openSSL?), present the user with a list a certificates available on
    his/her CAC (smartcard). The card must be in the reader.
4. User selects certificate.
5. User receives a PIN challenge for the selected certificate.
6. Proper PIN is submitted.
7. The certificate response is sent to the server.
7. The TLS connection started in step #1 completes.

How do we build/configure libcurl (and openSSL?) to achieve this?
If this capability is via API (not build or configuration), which members of the libcurl API
are relevant?

Our starting line:
res = CURLE_OK;
curl_easy_setopt(curl, CURLOPT_URL, "<an-https-url>"
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);

res = curl_easy_perform(curl);


List admin:
Received on 2016-05-04