We have the following use case:
1. via libcurl, attempt SSL/TLS connection to a CAC-protected (PKI-enabled)
server.
2. Receive server PKI challenge, asking for an appropriate certificate (likely
X.509).
3. via libcurl (or libcurl + openSSL?), present the user with a list a
certificates available on
his/her CAC (smartcard). The card must be in the reader.
4. User selects certificate.
5. User receives a PIN challenge for the selected certificate.
6. Proper PIN is submitted.
7. The certificate response is sent to the server.
7. The TLS connection started in step #1 completes.
How do we build/configure libcurl (and openSSL?) to achieve this?
If this capability is via API (not build or configuration), which members of
the libcurl API
are relevant?
Our starting line:
res = CURLE_OK;
curl_easy_setopt(curl, CURLOPT_URL, "<an-https-url>"
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
res = curl_easy_perform(curl);
V/r,
Lee
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
