On Fri, Jul 17, 2015, Victor Wagner wrote: > On Fri, 17 Jul 2015 00:10:27 +0000 > "Dr. Stephen Henson" <steve at openssl.org> wrote: > > > On Thu, Jul 16, 2015, Anirudh Raghunath wrote: > > > > > Hello, > > > > > > I want to write a program in which I can load a certificate from a > > > smartcard instead of having it in a file on the client machine. In > > > > You may be able to make use of the automatic dynamic engine loading > > mechanism to simplify things. You can pass the ENGINE DSO path as the > > ENGINE name or to the function ENGINE_by_id() and it should load it. > > > > I suggest you try it with the command line utility first. > > Does openssl trunk already have API to load certificate from the engine? > Last time I've looked for this API I've only found > > int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, > STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, > STACK_OF(X509) **pother, > UI_METHOD *ui_method, void *callback_data); > > which seems to be a bit too specific (where would I get an SSL pointer > if I want to use this certificate in the mail client to sign a CMS > message?) and is not supported by opensc PKCS11 engine. > > No OpenSSL currently doesn't have an API to do that but the OP was asking about how to use an external API that took an ENGINE pointer. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org
