Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.
Sign upHint for OpenSSL ENGINE / PKCS#11 #3692
Comments
This comment has been minimized.
This comment has been minimized.
jay
added
SSL/TLS
cmdline tool
labels
Mar 20, 2019
This comment has been minimized.
This comment has been minimized.
|
I'd do it like this: --- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -838,15 +838,15 @@ int cert_stuff(struct connectdata *conn,
return 0;
}
- file_type = do_file_type(key_type);
+ if(!key_file)
+ key_file = cert_file;
+ else
+ file_type = do_file_type(key_type);
switch(file_type) {
case SSL_FILETYPE_PEM:
if(cert_done)
break;
- if(!key_file)
- /* cert & key can only be in PEM case in the same file */
- key_file = cert_file;
/* FALLTHROUGH */
case SSL_FILETYPE_ASN1:
if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
That works here for both PKCS#11 and file certs. |
This was referenced Mar 20, 2019
dwmw2
closed this
in
#3693
Mar 20, 2019
dwmw2
added a commit
that referenced
this issue
Mar 20, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
opensignature commentedMar 20, 2019
I'm writing a new PKCS#11 engine for OpenSSL ( openssl/openssl#8200 ).
Testing with curl I saw that:
curl -E 'pkcs11:object=test' --key 'pkcs11:object=test;pin-value=secret' https://www.saela.eu/auth/index.phpworks properly (this is result):
but with just
curl -E 'pkcs11:object=test; pin-value=secret'I have
curl: (58) unable to set private key file: 'pkcs11:object=test;pin-value=secret' type PEMI would like to suggest to insert at https://github.com/curl/curl/blob/master/lib/vtls/openssl.c#L842 these lines:
Best regards,
Antonio