curl-library

Re: PKCS11 patch

From: Rob Crittenden <rcritten_at_redhat.com>
Date: Fri, 09 Mar 2007 11:41:59 -0500

Denis GOUSSEAU wrote:
> The --engine command line doesn't allow adding an engine as with this
> openssl command:
> engine -t dynamic -pre SO_PATH:engine_pkcs11.dll \
> -pre ID:pkcs11 \
> -pre LIST_ADD:1 \
> -pre LOAD \
> -pre MODULE_PATH:pkcs11_w32.dll ;
>
> I would like to add an engine dynamically and use it for authentication
> (cert is on a smart card)
>
> Regards
>
> -----------------------------------------------
> Denis GOUSSEAU
> Technical Department
>
> Société Santéos
> -----------------------------------------------
>
> -----Original Message-----
> From: curl-library-bounces_at_cool.haxx.se
> [mailto:curl-library-bounces_at_cool.haxx.se] On behalf of Dan Fandrich
> Sent: Tuesday, March 6, 2007 18:30
> To: curl-library_at_cool.haxx.se
> Subject: Re: PKCS11 patch
>
> On Tue, Mar 06, 2007 at 04:10:25PM +0100, Denis GOUSSEAU wrote:
>> I try to use curl with engine-pkcs11 without modifying libcurl source.
>>
>> Does anyone do something like that?
>
> curl supports the --engine command-line option (and libcurl equivalent). Is
> that sufficient for your purposes?
>
> >>> Dan

If you want to try something a bit experimental, libcurl has support for
the crypto library NSS, which can handle PKCS#11 without code changes to
libcurl.

It looks like you are using Windows, and I've done zero testing of the
NSS libcurl code on Windows, but NSS and NSPR work fine on Windows
(Firefox/Mozilla use them), so there is at least the chance it would
work. NSS support should be available in CVS.

You basically use the NSS utility modutil to tell NSS where the PKCS#11
library can be found; then your smartcard should appear as another
available token.

rob


Received on 2007-03-09