cURL / Mailing Lists / curl-users / Single Mail


OpenSSL ENGINE 2nd version

From: Götz Babin-Ebell <>
Date: Fri, 14 Dec 2001 19:25:58 +0100


Today I had some time to look in my patch for OpenSSL ENGINE.

According to the comments from Daniel I did some changes:

Attached is a new version.

* OpenSSL ENGINE set with ...setopt()
* allows to set cert file type
* allows to set key file / key file type

Testet on solaris 2.5.1 with nCipher HSM
Build/ Testet with OpenSSL 0.9.6

required changes:
* move #define HAVE_OPENSSL_ENGINE_H 1 from urldata.h to config file
* move #define DEBUG 1 from urldata.h to config file

Things to do:
* allow input of the passphrase with callback.
  at the moment only supported set passphrase by CURLOPT_SSLKEYPASSWD

changes in the interface:
* added some CURLOPT_ parameters:
  * CURLOPT_SSLCERTTYPE: ssl cert type (PEM/DER)
  * CURLOPT_SSLKEY: ssl private key (file)
  * CURLOPT_SSLKEYPASSWD: passphrase for private key
                          (CURLOPT_SSLCERTPASSWD is alias)
  * CURLOPT_SSLENGINE: set name of crypto engine
                         (returns CURLE_SSL_ENGINE_NOTFOUND on error)
  * CURLOPT_SSLENGINE_DEFAULT: set actual engine as default engine in
                         (returns CURLE_SSL_ENGINE_SETFAILED on error)

* added error codes:

If you want to use an key stored in an engine,
you have to set the engine with CURLOPT_SSLENGINE
bevore you use the key.

An Engine is valid for a single CURL object.

If you let curl handle init/free of OpenSSL,
you should set DEFAULT after you
loaded your ENGINE in CURL with CURLOPT_SSLENGINE_ for
the first time.



Goetz Babin-Ebell, TC TrustCenter AG,
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

Received on 2001-12-14