Hello again,

I tried to use cURL with the patched engine_pkcs11
and it does not work.

When I investigated the sources,
I found that retrieving a password from 'callback_data' in get_pin is
a very BAD idea. I'm sorry for the confusing patch...

Now I'm trying to implement options like the '-pre' or '-post' options of
the 'openssl engine' command in cURL, openssl s_client, and so on.

Anyway, I think using the free_pin() shared function is useful.

Thanks in advance,


2006/9/18, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
Hello!

I am using engine_pkcs11 (trunk in repository) with OpenSSL.

I want to pass a PIN to the 'rsautl', 'smime' or 's_client' commands,
but ONLY the 'openssl req' command can use the -config option.

There is a hint in the ticket "engine_pkcs11 doesn't forward PIN"
http://www.opensc-project.org/engine_pkcs11/ticket/5
and then I made the attached patch.

Now I can use the '-pass' option in openssl like below:
% openssl
OpenSSL> engine -t dynamic -pre SO_PATH:/usr/local/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/pkcs11/libasepkcs.so -post VERBOSE
OpenSSL> s_client -connect example.com:443 -CApath /etc/ssl/certs -verify 5 -engine pkcs11 -key 45 -keyform engine -cert /tmp/example.crt -pass pass:12345678


Also, this patch includes a shared function 'free_pin()'
for freeing the 'pin' variable after it is whitened.

Thanks in advance,

Attachment: engine_pkcs11_with_free_pin.diff
Description: Binary data

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
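
The wipe-before-free pattern that the thread describes for free_pin(), as an added example in C. It is not the attached patch, whose contents are not shown on this page: only the name free_pin() comes from the thread, while its body, the static pin/pin_length state, set_pin() and wipe() are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical module state: an engine that caches a single PIN. */
static char *pin = NULL;
static size_t pin_length = 0;

/* Overwrite a buffer through a volatile pointer so the compiler cannot
 * discard the stores as dead writes just before free(). */
static void wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Whiten, release and reset the cached PIN; safe to call repeatedly. */
void free_pin(void)
{
    if (pin != NULL) {
        wipe(pin, pin_length);
        free(pin);
    }
    pin = NULL;
    pin_length = 0;
}

/* Replace the cached PIN with a private copy of new_pin.
 * Returns 1 on success, 0 on NULL input or allocation failure. */
int set_pin(const char *new_pin)
{
    size_t len = new_pin ? strlen(new_pin) : 0;
    char *copy = new_pin ? malloc(len + 1) : NULL;
    if (copy == NULL)
        return 0;
    memcpy(copy, new_pin, len + 1);
    free_pin();              /* wipe the previous PIN before replacing it */
    pin = copy;
    pin_length = len;
    return 1;
}

int main(void)
{
    int ok = set_pin("12345678");   /* sample PIN taken from the thread */
    free_pin();
    return ok ? 0 : 1;
}
```

Routing every release of the PIN through one function means each exit path, including replacement of an old PIN, clears the secret from the heap before the memory is returned to the allocator.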
