OpenSSL ENGINE 2nd version
Date: Fri, 14 Dec 2001 19:25:58 +0100
Today I had some time to look in my patch for OpenSSL ENGINE.
According to the comments from Daniel I did some changes:
Attached is a new version.
* OpenSSL ENGINE set with ...setopt()
* allows to set cert file type
* allows to set key file / key file type
Testet on solaris 2.5.1 with nCipher HSM
Build/ Testet with OpenSSL 0.9.6
* move #define HAVE_OPENSSL_ENGINE_H 1 from urldata.h to config file
* move #define DEBUG 1 from urldata.h to config file
Things to do:
* allow input of the passphrase with callback.
at the moment only supported set passphrase by CURLOPT_SSLKEYPASSWD
changes in the interface:
* added some CURLOPT_ parameters:
* CURLOPT_SSLCERTTYPE: ssl cert type (PEM/DER)
* CURLOPT_SSLKEY: ssl private key (file)
* CURLOPT_SSLKEYTYPE: ssl key type (PEM/DER/ENG)
* CURLOPT_SSLKEYPASSWD: passphrase for private key
(CURLOPT_SSLCERTPASSWD is alias)
* CURLOPT_SSLENGINE: set name of crypto engine
(returns CURLE_SSL_ENGINE_NOTFOUND on error)
* CURLOPT_SSLENGINE_DEFAULT: set actual engine as default engine in
(returns CURLE_SSL_ENGINE_SETFAILED on error)
* added error codes:
If you want to use an key stored in an engine,
you have to set the engine with CURLOPT_SSLENGINE
bevore you use the key.
An Engine is valid for a single CURL object.
If you let curl handle init/free of OpenSSL,
you should set DEFAULT after you
loaded your ENGINE in CURL with CURLOPT_SSLENGINE_ for
the first time.
-- Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de Sonninstr. 24-28, 20097 Hamburg, Germany Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
- application/x-gzip attachment: patch2.gz
- application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature