I had asked this on the opensc-users list, but realized it's more of an openssl question.

Using the wclient2.c sample program [1] from this article [2] as a starting place

I want to use engine_pkcs11 [3] to provide the client authentication of an SSL connection via a USB PKI token, but I have yet to find any programming documentation. The engine_pkcs11 I've built seems to work with the command line examples, but now I need to use it in a C program to authenticate an SSL session.

In that wclient2 sample program, the connect sequence is ...

   ctx=initialize_ctx(KEYFILE,PASSWORD);
   SSL_CTX_set_cipher_list(ctx,ciphers);
   sock=tcp_connect(host,port);
   ssl=SSL_new(ctx);
   sbio=BIO_new_socket(sock,BIO_NOCLOSE);
   SSL_set_bio(ssl,sbio,sbio);
   if(SSL_connect(ssl)<=0) berr_exit("SSL connect error");
   if(require_server_auth)
     check_cert(ssl,host);


Any tips, pointers, references, etc. on how I can figure this out? There doesn't seem to be any API documentation on using this engine at all; the only docs I see on the opensc wiki are a command line example.

Since I originally asked the above, I've gathered that I do this with the ENGINE_xxxxx [4] APIs of openssl (btw, you know I only found that man page with Google, I don't see any links to it on [5]).

So, I guess what I'm asking is for a tutorial or howto or cookbook example of using ENGINE_xxxx to invoke the engine_pkcs11 from [3] in order to use a token to do ssl client authentication.





[1] http://www.rtfm.com/openssl-examples/openssl-examples-20020110.tar.gz
[2] http://www.linuxjournal.com/article/5487
[3] http://www.opensc-project.org/engine_pkcs11/
[4] http://www.openssl.org/docs/crypto/engine.html
[5] http://www.openssl.org/docs/



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org