Openssl: pkcs11 engine


Hi! I am creating an application using the openssl crate, created by @sfackler. My question is, are openssl engines somehow supported in this crate? I need to integrate smartcard support, which on Debian is a piece of cake and works out of the box with the openssl tool. Just install the libengine-pkcs11-openssl package. On the shell I can create a server using the private key on my token using something like this:

$ openssl s_server -engine pkcs11 -cert ~/cert.pem -keyform engine  -key "pkcs11:serial=0005000037f5"

For the sake of completeness, the certificate can be generated using this command:

$ openssl req -engine pkcs11 -new -key "pkcs11:serial=0005000037f5" -keyform engine -out ~/cert.pem -text -x509

So, in theory I “just” need to enable the pkcs11 engine in the rust openssl crate and specify the relevant keypath. I fear that the support is disabled, since I found this

in the build script. Can I somehow use the pkcs11 openssl engine with the rust openssl crate?


The code you linked in the build script is checking if engines were enabled or not in the openssl distribution. It doesn’t build openssl itself.