Thread: engine_pkcs11 patch for passing PIN through -pass option in openssl




2006-09-19 10:13:05
Hello again,

I tried to use cURL with the patched engine_pkcs11 and it does not work.

When I investigated the sources, I found that retrieving a password from 'callback_data' in get_pin is a very BAD idea. I'm sorry for the confusing patch...

Now I'm trying to implement options like the '-pre' or '-post' options in the 'openssl engine' command for cURL, openssl s_client, and so on.

Anyway I think using the free_pin() shared function is useful.

Thanks in advance,


2006/9/18, kamiya.satosigmail.com <kamiya.satosigmail.com>:
> Hello!
>
> I am using engine_pkcs11 (trunk in repository) with OpenSSL.
>
> I want to pass the PIN for the 'rsautl', 'smime' or 's_client' commands,
> but ONLY the 'openssl req' command can use the -config option.
>
> There is a hint in a ticket "engine_pkcs11 doesn't forward PIN"
> http://www.opensc-project.org/engine_pkcs11/ticket/5
> then I made a patch in the attachment.
>
> Now I can use the '-pass' option in openssl like below:
> % openssl
> OpenSSL> engine -t dynamic -pre SO_PATH:/usr/local/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/pkcs11/libasepkcs.so -post VERBOSE
> OpenSSL> s_client -connect example.com:443 -CApath /etc/ssl/certs -verify 5 -engine pkcs11 -key 45 -keyform engine -cert /tmp/example.crt -pass pass:12345678
>
>
> Also this patch includes a shared function 'free_pin()'
> for freeing the 'pin' variable after it is whitened.
>
> Thanks in advance,
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel