curl-library
libcurl, CACs, and SSL/TLS
Date: Wed, 4 May 2016 21:20:32 +0000
We have the following use case:
1. via libcurl, attempt SSL/TLS connection to a CAC-protected (PKI-enabled) server.
2. Receive server PKI challenge, asking for an appropriate certificate (likely X.509).
3. via libcurl (or libcurl + OpenSSL?), present the user with a list of certificates available on
his/her CAC (smartcard). The card must be in the reader.
4. User selects certificate.
5. User receives a PIN challenge for the selected certificate.
6. Proper PIN is submitted.
7. The certificate response is sent to the server.
8. The TLS connection started in step #1 completes.
How do we build/configure libcurl (and OpenSSL?) to achieve this?
If this capability is via API (not build or configuration), which members of the libcurl API
are relevant?
Our starting line:
res = CURLE_OK;
curl_easy_setopt(curl, CURLOPT_URL, "<an-https-url>");
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);  /* this option takes a long */
res = curl_easy_perform(curl);
V/r,
Lee
Received on 2016-05-04