Hint for OpenSSL ENGINE / PKCS#11 #3692
Closed
I'd do it like this: --- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -838,15 +838,15 @@ int cert_stuff(struct connectdata *conn,
return 0;
}
- file_type = do_file_type(key_type);
+ if(!key_file)
+ key_file = cert_file;
+ else
+ file_type = do_file_type(key_type);
switch(file_type) {
case SSL_FILETYPE_PEM:
if(cert_done)
break;
- if(!key_file)
- /* cert & key can only be in PEM case in the same file */
- key_file = cert_file;
/* FALLTHROUGH */
case SSL_FILETYPE_ASN1:
if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
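Review bot: In the new `if(!key_file)` branch, `file_type` is never assigned before `switch(file_type)`, so which case runs depends entirely on the value it already holds from code above this hunk. The hunk also deletes the comment that explained the fallback and adds no replacement. Please add a comment at the branch saying that, without a separate key, the key is taken from the certificate's location with the certificate's type, and confirm that `file_type` is always initialised by that point. The fallback also no longer sits inside `case SSL_FILETYPE_PEM:`, so it now applies to every case of the switch: the `SSL_FILETYPE_ASN1` call to `SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type)` will be handed `cert_file` as well. The removed comment said cert and key can share a file only in the PEM case, so this path should either be rejected explicitly or covered by a test.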
That works here for both PKCS#11 and file certs.
I'm writing a new PKCS#11 engine for OpenSSL (openssl/openssl#8200).
Testing with curl I saw that:
curl -E 'pkcs11:object=test' --key 'pkcs11:object=test;pin-value=secret' https://www.saela.eu/auth/index.php
works properly (this is the result):
but with just
curl -E 'pkcs11:object=test; pin-value=secret'
I have
curl: (58) unable to set private key file: 'pkcs11:object=test;pin-value=secret' type PEM
I would like to suggest inserting these lines at https://github.com/curl/curl/blob/master/lib/vtls/openssl.c#L842:
Best regards,
Antonio