[openssl-users] Loading pkcs11 engine opensc without using command line
Dr. Stephen Henson
steve at openssl.org
Fri Jul 17 11:36:36 UTC 2015
On Fri, Jul 17, 2015, Victor Wagner wrote:
> On Fri, 17 Jul 2015 00:10:27 +0000
> "Dr. Stephen Henson" <steve at openssl.org> wrote:
>
> > On Thu, Jul 16, 2015, Anirudh Raghunath wrote:
> >
> > > Hello,
> > >
> > > I want to write a program in which I can load a certificate from a
> > > smartcard instead of having it in a file on the client machine. In
> >
> > You may be able to make use of the automatic dynamic engine loading
> > mechanism to simplify things. You can pass the ENGINE DSO path as the
> > ENGINE name or to the function ENGINE_by_id() and it should load it.
> >
> > I suggest you try it with the command line utility first.
>
> Does openssl trunk already have API to load certificate from the engine?
> Last time I've looked for this API I've only found
>
> int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
> STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
> STACK_OF(X509) **pother,
> UI_METHOD *ui_method, void *callback_data);
>
> which seems to be a bit too specific (where would I get an SSL pointer
> if I want to use this certificate in the mail client to sign a CMS
> message?) and is not supported by opensc PKCS11 engine.
>
>
No OpenSSL currently doesn't have an API to do that but the OP was asking
about how to use an external API that took an ENGINE pointer.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users
mailing list