[openssl-users] Loading pkcs11 engine opensc without using command line

Dr. Stephen Henson steve at openssl.org
Fri Jul 17 11:36:36 UTC 2015


On Fri, Jul 17, 2015, Victor Wagner wrote:

> On Fri, 17 Jul 2015 00:10:27 +0000
> "Dr. Stephen Henson" <steve at openssl.org> wrote:
> 
> > On Thu, Jul 16, 2015, Anirudh Raghunath wrote:
> > 
> > > Hello, 
> > > 
> > > I want to write a program in which I can load a certificate from a
> > > smartcard instead of having it in a file on the client machine. In
> > 
> > You may be able to make use of the automatic dynamic engine loading
> > mechanism to simplify things. You can pass the ENGINE DSO path as the
> > ENGINE name or to the function ENGINE_by_id() and it should load it.
> > 
> > I suggest you try it with the command line utility first.
> 
> Does openssl trunk already have an API to load a certificate from the engine?
> Last time I looked for this API, I only found
> 
> int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
>         STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
>         STACK_OF(X509) **pother,
>         UI_METHOD *ui_method, void *callback_data);
> 
> which seems to be a bit too specific (where would I get an SSL pointer
> if I want to use this certificate in the mail client to sign a CMS
> message?) and is not supported by opensc PKCS11 engine.
> 
> 

No, OpenSSL currently doesn't have an API to do that, but the OP was asking
about how to use an external API that took an ENGINE pointer.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

