
Using key, secured by TPM2, in mTLS request

From: Corinna Brandt via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 6 Feb 2025 11:36:55 +0000

Hello everyone,

In a project I am currently working on, we are updating the OpenSSL library to use OpenSSL 3.
One of the main features we use is generating keys that are secured by the TPM. In OpenSSL 3, they changed the access to this from engines to providers. I'm now trying to incorporate this change when creating a CURL request with mTLS, which needs to use a key secured by TPM.

Previously, I was able to access this key using CURLOPT_SSLENGINE to access keys secured by TPM:
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLENGINE, char *id);

I have not yet found out how it is possible to load a tpm2 provider before libcurl tries to access the private key.

Information on my system:
OS: Debian 12
SSL: OpenSSL 3.0
TPM2 provider: https://github.com/tpm2-software/tpm2-openssl

Kind Regards,
Corinna

Received on 2025-02-06