curl with GnuTLS doesn't support pkcs1{1,2} #14925
Comments
#14991 adds PKCS#12 support. As for PKCS#11, the documentation of gnutls_certificate_set_x509_key_file2, which curl currently uses when password is given, says it supports PKCS#11 URI:
With some adjustment, curl might be able to support PKCS#11 as well, but I am not an expert in this area, and do not know how to test this stuff.
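The PKCS#11 URI mentioned in the comment above is the `pkcs11:` scheme defined by RFC 7512. As an added example (not code from curl, GnuTLS or any commenter in this thread), this Python parser splits such a URI into its path and query attributes and flags a PIN embedded in it, which would be exposed in process arguments when the URI is passed on a command line. The sample URI, its labels and the function names are constructed for illustration.

```python
from urllib.parse import unquote, unquote_to_bytes

# Attribute names RFC 7512 defines for the path and query components.
PATH_ATTRS = {"token", "manufacturer", "serial", "model", "library-manufacturer",
              "library-description", "library-version", "object", "type", "id",
              "slot-description", "slot-manufacturer", "slot-id"}
QUERY_ATTRS = {"pin-source", "pin-value", "module-name", "module-path"}
OBJECT_TYPES = {"public", "private", "cert", "secret-key", "data"}


def _split(component, delimiter, known, unique, warnings):
    """Parse 'name=value' items; percent-decode values ('id' stays bytes)."""
    attrs = {}
    for item in filter(None, component.split(delimiter)):
        name, eq, value = item.partition("=")
        if not eq:
            raise ValueError(f"attribute without '=': {item!r}")
        if name in attrs:
            if unique:  # RFC 7512 forbids duplicates in the path component
                raise ValueError(f"duplicate path attribute: {name}")
            warnings.append(f"duplicate query attribute ignored: {name}")
            continue
        if name not in known:  # vendor-specific attributes are legal
            warnings.append(f"non-standard attribute: {name}")
        attrs[name] = unquote_to_bytes(value) if name == "id" else unquote(value)
    return attrs


def parse_pkcs11_uri(uri):
    """Return (path_attrs, query_attrs, warnings) for a pkcs11: URI."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "pkcs11":
        raise ValueError("not a pkcs11: URI")
    path, _, query = rest.partition("?")
    warnings = []
    path_attrs = _split(path, ";", PATH_ATTRS, True, warnings)
    query_attrs = _split(query, "&", QUERY_ATTRS, False, warnings)
    if path_attrs.get("type", "cert") not in OBJECT_TYPES:
        raise ValueError(f"invalid object type: {path_attrs['type']!r}")
    if "pin-value" in query_attrs:
        warnings.append("PIN embedded in URI: prefer pin-source or a prompt")
    return path_attrs, query_attrs, warnings


# Constructed sample: token and object labels are made up for this example.
SAMPLE = "pkcs11:token=demo%20token;object=client-key;type=private;id=%01%ab?pin-value=1234"

if __name__ == "__main__":
    print(parse_pkcs11_uri(SAMPLE))
```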
I set up softhsm2 and imported a private key and certificate, and then giving pkcs#11 to curl just works:
@sergiodj PKCS#12 support will be available in the next curl release. GnuTLS backend should have already supported PKCS#11 with --cert option.
Hi @tatsuhiro-t, Thanks for the feedback and for implementing the feature! Much appreciated. I see that @charles2910 already notified the reporters in the Debian bug, which is good because they have the proper setup to test things. We'll let you know if there's any problem. Cheers.
Closing this, as it seems it supports both (now).
I did this
Hi,
This is the upstream counterpart of https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077060.
As you're probably aware, recently Debian has made a decision to link curl against libcurl built with GnuTLS support (instead of OpenSSL), and we're now in the process of collecting feedback from the community about possible issues with the transition.
Something that was raised recently was that the support for pkcs11 and pkcs12 stopped working with GnuTLS. Upon a closer inspection of curl's code, I noticed that it doesn't seem to make use of the primitives (pkcs11 and pkcs12) necessary for implementing support for such standards.
I expected the following
It would be great if we could have proper support for pkcs1{1,2}. I believe this is one of the most important features that is missing from the GnuTLS version of curl.
curl/libcurl version
The downstream bug was filed against version 8.9.1-2, but the GnuTLS support code still doesn't have pkcs* support on master.
operating system
Debian GNU/Linux