I had asked this on the opensc-users list, but realized it's more of an
OpenSSL question.
Using the wclient2.c sample program [1] from this article [2] as a
starting place,
I want to use engine_pkcs11 [3] to provide the client authentication of
an SSL connection via a USB PKI token, but I have yet to find any
programming documentation. The engine_pkcs11 I've built seems to work
with the command line examples, but now I need to use it in a C program
to authenticate an SSL session.
In that wclient2 sample program, the connect sequence is ...
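    /* Build the SSL_CTX from a key file and its password */
    ctx = initialize_ctx(KEYFILE, PASSWORD);
    SSL_CTX_set_cipher_list(ctx, ciphers);

    /* Open the TCP connection and wrap it in an SSL object */
    sock = tcp_connect(host, port);
    ssl = SSL_new(ctx);
    sbio = BIO_new_socket(sock, BIO_NOCLOSE);
    SSL_set_bio(ssl, sbio, sbio);

    /* Run the TLS handshake, then verify the server certificate */
    if (SSL_connect(ssl) <= 0)
        berr_exit("SSL connect error");
    if (require_server_auth)
        check_cert(ssl, host);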
Any tips, pointers, references, etc. on how I can figure this out?
There doesn't seem to be any API documentation on using this engine at
all; the only docs I see on the OpenSC wiki are a command line example.
Since I originally asked the above, I've gathered that I do this with
the ENGINE_xxxxx [4] APIs of OpenSSL (btw, you know I only found that
man page with Google, I don't see any links to it on [5]).
So, I guess what I'm asking is for a tutorial or howto or cookbook
example of using ENGINE_xxxx to invoke the engine_pkcs11 from [3] in
order to use a token to do SSL client authentication.
[1] http://www.rtfm.com/openssl-examples/openssl-examples-20020110.tar.gz
[2] http://www.linuxjournal.com/article/5487
[3] http://www.opensc-project.org/engine_pkcs11/
[4] http://www.openssl.org/docs/crypto/engine.html
[5] http://www.openssl.org/docs/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org