Hi,

On Thu, Jul 25, 2024 at 10:46:18AM GMT, Sam Hartman wrote:
> We have been heavily using curl to make API requests using smartcard
> authentication. We have a private key and certificate on a Yubikey, and
> we use curl to perform a pkcs11-authenticated login to get an API token.
> 
> Unfortunately, according to the curl man page, pkcs11 support is only
> available if curl is built against openssl.

We had some feedback from the discussion in upstream's BTS and
apparently curl does support pkcs#11 with the gnutls backend:

Comment in #14925 [1]:
> I set up softhsm2 and imported private key and certificate, and then giving
> pkcs#11 to curl just works:
> 
> curl --cert 'pkcs11:URL' --pass <PIN> https://...

Could you check that, Sam?

On Tue, Aug 27, 2024 at 10:41:38AM GMT, Wouter Verhelst wrote:
> I have a similar problem, but with PKCS#12 files rather than PKCS#11
> libraries. GnuTLS tries to interpret them as PEM files, which obviously
> goes very wrong.

It was merged upstream [2] and will be available in the next release
(8.11.0)!

Cheers,
Charles

[1] https://github.com/curl/curl/issues/14925#issuecomment-2373725382
[2] https://github.com/curl/curl/commit/7307c1a289a75e164bd5cf000458f2a5a2f133f4
