[openssl-users] Loading pkcs11 engine opensc without using command line

Victor Wagner vitus at wagner.pp.ru
Fri Jul 17 10:36:01 UTC 2015


On Fri, 17 Jul 2015 00:10:27 +0000
"Dr. Stephen Henson" <steve at openssl.org> wrote:

> On Thu, Jul 16, 2015, Anirudh Raghunath wrote:
> 
> > Hello, 
> > 
> > I want to write a program in which I can load a certificate from a
> > smartcard instead of having it in a file on the client machine. In
> 
> You may be able to make use of the automatic dynamic engine loading
> mechanism to simplify things. You can pass the ENGINE DSO path as the
> ENGINE name or to the function ENGINE_by_id() and it should load it.
> 
> I suggest you try it with the command line utility first.

Does openssl trunk already have API to load certificate from the engine?
Last time I've looked for this API I've only found

int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
        STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
        STACK_OF(X509) **pother,
        UI_METHOD *ui_method, void *callback_data);

which seems to be a bit too specific (where would I get an SSL pointer
if I want to use this certificate in the mail client to sign a CMS
message?) and is not supported by opensc PKCS11 engine.


> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



More information about the openssl-users mailing list