Hi,

I need some help to establish a communication channel to consume a web service 
using SSLv3 with mutual authentication, libcurl and a smart card, which will 
store the client certificate and the key pair and will be responsible for 
signatures, encryption, etc.

For testing purposes, without using the smart card, the following brief code 
runs smoothly:

....
(SOAP message configurations)
....

/* long-typed options must be passed as long: curl_easy_setopt is variadic */
curl_easy_setopt (curl, CURLOPT_USE_SSL, (long) CURLUSESSL_ALL);
curl_easy_setopt (curl, CURLOPT_SSLVERSION, (long) CURL_SSLVERSION_SSLv3);   /* == 3 */
curl_easy_setopt (curl, CURLOPT_SSL_VERIFYPEER, 1L);   /* verify server cert against the CA */
curl_easy_setopt (curl, CURLOPT_SSL_VERIFYHOST, 2L);   /* verify cert name against the URL host */

/* client side of the mutual authentication */
curl_easy_setopt (curl, CURLOPT_SSLCERT, "clientCertificateFile");
curl_easy_setopt (curl, CURLOPT_KEYPASSWD, "testPrivateKeyPass");
curl_easy_setopt (curl, CURLOPT_SSLKEY, "testPrivateKeyFile");
curl_easy_setopt (curl, CURLOPT_CAINFO, "CAcertificateFile");
curl_easy_setopt (curl, CURLOPT_URL, "URLtoWebService");

CURLcode res = curl_easy_perform (curl);   /* CURLE_OK on success */

After running this code, I can establish communication using SSLv3
and get the expected response from the webservice. However, I need to
establish this secure channel using the smart card. I have free access
to the following information:

"clientCertificateFile" - stored on the smart card, in PEM format. It can be 
read through an access function.
"CAcertificateFile" - stored on disk, in PEM format. It can be read through 
an access function.
"URLtoWebService" - stored in the application.

"testPrivateKeyFile" and "testPrivateKeyPass" are temporary files
used only for testing and should be replaced by the smart card.

My question is: how do I use the smart card to replace the private key and password 
in the libcurl setup process?

The smart card does not allow access to the private key, only to the
public key, as expected. However, I can send data to the smart card to be signed
or encrypted using the private key, and get the resulting buffer.

Is there any way to redirect part of the SSLv3 connection handshake to use my 
smart card? Some setting in libssl, or libcurl?

Thanks for listening!

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:  https://curl.haxx.se/mail/etiquette.html