You are correct, Ray. This is a reiteration of my question [1] you listed below.
Thank you for those 3 links. I do not remember seeing [2]. I know I have never seen [3]. I will share these links with my team. As you recommend, I will also get in touch with the OpenSSL dev list regarding their pending release.

V/r,
Lee

________________________________
From: curl-library [[email protected]] on behalf of Ray Satiro via curl-library [[email protected]]
Sent: Wednesday, May 04, 2016 6:10 PM
To: [email protected]
Cc: Ray Satiro
Subject: EXTERNAL: Re: libcurl, CACs, and SSL/TLS

On 5/4/2016 5:20 PM, Mckinney, Lee wrote:

> We have the following use case:
>
> 1. via libcurl, attempt SSL/TLS connection to a CAC-protected (PKI-enabled) server.
> 2. Receive server PKI challenge, asking for an appropriate certificate (likely X.509).
> 3. via libcurl (or libcurl + openSSL?), present the user with a list of certificates available on his/her CAC (smartcard). The card must be in the reader.
> 4. User selects certificate.
> 5. User receives a PIN challenge for the selected certificate.
> 6. Proper PIN is submitted.
> 7. The certificate response is sent to the server.
> 7. The TLS connection started in step #1 completes.
>
> How do we build/configure libcurl (and openSSL?) to achieve this? If this capability is via API (not build or configuration), which members of the libcurl API are relevant?
>
> Our starting line:
>
> res = CURLE_OK;
> curl_easy_setopt(curl, CURLOPT_URL, "<an-https-url>");
> curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
> res = curl_easy_perform(curl);

I think this is the same question you asked several months ago [1]? If you are not aware there was a reply at [2]. According to Petr this seems unsupported at the moment in OpenSSL. There's a new release of OpenSSL coming very soon, you may want to ask their list if it's possible to do what you are trying to do. If it is possible in OpenSSL but not in libcurl you could propose a set of changes for discussion.

It looks like someone was able to modify schannel in libcurl (WinSSL) to do something similar [3], but I can't find those changes ever made it in. I wrote the author to find out.

[1]: https://curl.haxx.se/mail/lib-2015-12/0121.html
[2]: https://curl.haxx.se/mail/lib-2016-01/0001.html
[3]: https://curl.haxx.se/mail/lib-2014-01/0254.html
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
