Re: Using Coolkey with cURL (UNCLASSIFIED)

Classification:  UNCLASSIFIED 
Caveats: NONE

Though, thinking about it more, curl is on the NSS Complete list on the Fedora CryptoConsolidation project page.

http://fedoraproject.org/wiki/FedoraCryptoConsolidation

So I would focus on:

1) cheat and use the nss-gui app to get your $HOME/.nss/ db set up right. (Sorry rr)
2) set up the NSS mapper (easy way to check to make sure you have all roots/int installed for cert)
2a) Run certutil -d <path from step 1> -L and note the Nicknames of the certs
3) test with pkcs11_mapper to make sure you can resolve your cert in NSSDB
4) look for the cert hash option in curl man page (see below)

======

-E, --cert <certificate[:password]>

[ ...blah ...]

If curl is built against the NSS SSL library then this option can tell curl the nickname of the certificate to use within the NSS database defined by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be loaded. If you want to use a file from the current directory, please precede it with "./" prefix, in order to avoid confusion with a nickname.

If this option is used several times, the last one will be used.

====

5) test, do manly (or womanly) dance of success
6) drink beer

-----Original Message-----
From: Joel Odom [mailto:joelodom@xxxxxxxxx] 
Sent: Thursday, September 29, 2011 2:51 PM
To: Lippold, Aaron L CIV DISA CIAE
Cc: Chris Bailey; Joel Odom
Subject: Re:  Using Coolkey with cURL (UNCLASSIFIED)

Great idea.  We have some existing ties there from the FalconView
project that we can probably ask.  Thanks.



On Thu, Sep 29, 2011 at 2:42 PM, Lippold, Aaron L CIV DISA CIAE
<Aaron.Lippold@xxxxxxxx> wrote:
> Classification:  UNCLASSIFIED
> Caveats: NONE
>
> Hi,
>
> I think that the Forge.mil team also used cURL for testing our large file upload feature that we "CAC"/smartcard enabled.
>
> Perhaps they can give you some pointers as well.
>
> Aaron
>
> -----Original Message-----
> From: coolkey-devel-bounces@xxxxxxxxxx [mailto:coolkey-devel-bounces@xxxxxxxxxx] On Behalf Of Kamil Dudka
> Sent: Wednesday, September 28, 2011 4:30 PM
> To: Robert Relyea
> Cc: coolkey-devel@xxxxxxxxxx
> Subject: Re:  Using Coolkey with cURL
>
> On Wednesday 28 September 2011 22:07:36 Robert Relyea wrote:
>> How is your libcurl built? If you build with NSS, then you should be
>> able to use coolkey/PKCS #11.
>>
>> I think libcurl defaults to open /etc/pki/nssdb as the default NSS
>
> Yes, this can be overridden by the $SSL_DIR environment variable, although
> the sql: prefix is hard-wired in libcurl.
>
>> database. If you install coolkey using modutil, it should be available.
>> The only issue is whether or not libcurl can prompt for a password.
>
> Yes, see --pass of curl(1) and CURLOPT_KEYPASSWD of curl_easy_setopt(3).
>
> Kamil
>
> _______________________________________________
> Coolkey-devel mailing list
> Coolkey-devel@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/coolkey-devel
> Classification:  UNCLASSIFIED
> Caveats: NONE
>
Classification:  UNCLASSIFIED 
Caveats: NONE


_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
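
Steps 2a to 4 of the message above can be checked before curl ever talks to the card. The script below is an added example, not code from this thread or from the curl or NSS projects; the function names, the sample `curl --version` banner, the sample `certutil -L` listing and the host name are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. All sample text below is constructed.

# curl_uses_nss BANNER: succeed if the first line of `curl --version`
# names NSS as the TLS library (nicknames in -E only work on such builds).
curl_uses_nss() {
    printf '%s\n' "$1" | head -n 1 | grep -q ' NSS/'
}

# list_nicknames: read `certutil -L` output on stdin, print one nickname per
# line. Nicknames may contain spaces; the trust flags are the last column.
list_nicknames() {
    sed -n -E 's/^(.*[^[:space:]])[[:space:]]+[A-Za-z]*,[A-Za-z]*,[A-Za-z]*[[:space:]]*$/\1/p'
}

# check_cert_arg BANNER LISTING NICKNAME
# 0 = usable, 1 = curl lacks NSS, 2 = nickname not in the database,
# 3 = nickname contains ':' while -E takes <certificate[:password]>.
check_cert_arg() {
    curl_uses_nss "$1" || return 1
    printf '%s\n' "$2" | list_nicknames | grep -qxF -- "$3" || return 2
    case $3 in *:*) return 3 ;; esac
    return 0
}

# Constructed sample: banner of an NSS-backed curl build.
SAMPLE_BANNER='curl 7.21.7 (x86_64-redhat-linux-gnu) libcurl/7.21.7 NSS/3.12.10.0 zlib/1.2.5'
# Constructed sample: output of `certutil -d sql:$HOME/.nss -L`.
SAMPLE_LISTING='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Example Root CA                                              CT,C,C
Example Intermediate CA                                      ,,
Jane Doe Client Cert                                         u,u,u
ExampleToken:ID Certificate                                  u,u,u'

# On a real host, feed in live data instead of the samples. The thread notes
# that libcurl hard-wires the sql: prefix, so list the same database form:
#   banner=$(curl --version); listing=$(certutil -d "sql:$SSL_DIR" -L)
# then: SSL_DIR=$HOME/.nss curl -E 'Jane Doe Client Cert' https://host.example/
rc=0
check_cert_arg "$SAMPLE_BANNER" "$SAMPLE_LISTING" 'Jane Doe Client Cert' || rc=$?
echo "Jane Doe Client Cert -> $rc"
```

A nonzero result points at which step to revisit: 1 means the curl build, 2 means the database contents from steps 1 and 2a, 3 means the nickname will be split at the colon by `-E`.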