cURL / Mailing Lists / curl-library / Single Mail


RE: SSLv3 mutual authentication using libcurl and smart card

From: Tiago dos Santos Gomes <>
Date: Tue, 4 Oct 2016 18:42:03 +0000

Hi David

I had some progress in the development of the module, but I have now other issues.
I compiled a simple pkcs11 module, following the specification that you indicated me. For now, it only implements some basic functions for testing. Using the command "$ pkcs11-tool --module / -I", I get the expected return of C_GetInfo.

> $ Mkdir /tmp/softhsm
> $ Echo "directories.tokendir = /tmp/softhsm"> softhsm2.conf
> $ Export SOFTHSM2_CONF = `pwd` /softhsm2.conf
> $ Softhsm2-util---init token --slot 0 --label test --pin 1234 --so-pin 12345678
> The token Has Been initialized.
> $ Softhsm2-util --import key.pem --slot 0 --label mykey --id 01 --pin 1234
> The key pair Has Been imported

The above commands worked. With a single difference: Since I have no access to private key on the card, I created one for test using

$ openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits 2048

Now, the problems.

The command
$ p11tool --list-privkeys' pkcs11: token= test; pin-value = 1234 '--login
returns "No matching objects found".

 Then, I tried
$ p11tool --list-tokens
It returns no references to the created token

I installed softhsm package (and softhsm2 too), but the file /usr/share/p11-kit/modules/softhsm.module was not created. I tried removing and reinstalling, but it did not work. In the modules folder, I only have gnome-keyring.module and p11-kit-trust.module.

Some detailed information about my development system that may be relevant:

Ubuntu 15.10
Kernel 4.2.0-42-generic

$ Curl --engine list
Build-time engines:

$ Openssl engine
(Rdrand) Intel RDRAND engine
(Dynamic) Dynamic engine loading support

$ Curl --version
curl 7.43.0 (i686-pc-linux-gnu) libcurl / 7.43.0 GnuTLS / 3.3.15 zlib / 1.2.8 libidn / 1:28 librtmp / 2.3
Protocols: dict file ftp ftps https gopher http imap ldap imaps ldaps pop3 pop3s rtsp rtmp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile Kerberos GSS-API SPNEGO NTLM NTLM_WB libz SSL TLS-SRP UnixSockets

$ openssl version
OpenSSL 1.0.2d 9 Jul 2015

Is there something wrong or missing in my system configuration?

Thanks for the help

Best Regards,
Tiago Gomes

List admin:
Received on 2016-10-04