Need help using M2Crypto.Engine to access USB Token

自闭症患者 2021-01-07 00:09

I am using M2Crypto-0.20.2. I want to use engine_pkcs11 from the OpenSC project and the Aladdin PKI client for token-based authentication when making XML-RPC calls over SSL.

6 answers
  •  萌比男神i
    2021-01-07 00:46

    I don't know what the engine_init code present in current M2Crypto is supposed to do, or why. Exposing ENGINE_init() as engine_init2 with the following patch to M2Crypto helps:

    Index: SWIG/_engine.i
    ===================================================================
    --- SWIG/_engine.i  (revision 719)
    +++ SWIG/_engine.i  (working copy)
    @@ -44,6 +44,9 @@
     %rename(engine_free) ENGINE_free;
     extern int ENGINE_free(ENGINE *);
    
    +%rename(engine_init2) ENGINE_init;
    +extern int ENGINE_init(ENGINE *);
    +
     /*
      * Engine id/name functions
      */
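
    Review bot: The added `%rename(engine_init2) ENGINE_init;` line carries no comment saying how `engine_init2` differs from the `engine_init` binding M2Crypto already has, so a caller cannot tell from the names which one really calls OpenSSL's ENGINE_init(); add a one-line comment above it, or correct the existing binding rather than adding a numbered sibling. ENGINE_init() returns 0 on failure and takes a functional reference that is released with ENGINE_finish(), so Python callers should check the return value, and a matching ENGINE_finish wrapper belongs next to this one if the interface file does not already expose it.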
    

    After this, the following code takes me further (but urllib does not fully work for me currently):

    # Requires M2Crypto built with the engine_init2 patch above
    import sys, os, time, cgi, urllib, urlparse
    from M2Crypto import m2urllib2 as urllib2
    from M2Crypto import m2, SSL, Engine
    
    # load dynamic engine
    e = Engine.load_dynamic_engine("pkcs11", "/Users/martin/prefix/lib/engines/engine_pkcs11.so")
    pk = Engine.Engine("pkcs11")
    # point engine_pkcs11 at the PKCS#11 module that talks to the token
    pk.ctrl_cmd_string("MODULE_PATH", "/Library/OpenSC/lib/opensc-pkcs11.so")
    
    m2.engine_init2(m2.engine_by_id("pkcs11")) # This does the trick
    
    # certificate and private key are addressed by slot and object id; the PIN is sys.argv[1]
    cert = e.load_certificate("slot_01-id_01")
    key = e.load_private_key("slot_01-id_01", sys.argv[1])
    
    # SSL context that presents the token's certificate and key as the client identity
    ctx = SSL.Context("sslv23")
    ctx.set_cipher_list("HIGH:!aNULL:!eNULL:@STRENGTH")
    ctx.set_session_id_ctx("foobar")
    m2.ssl_ctx_use_x509(ctx.ctx, cert.x509)
    m2.ssl_ctx_use_pkey_privkey(ctx.ctx, key.pkey)
    
    # route urllib2 requests through an opener built on this context
    opener = urllib2.build_opener(ctx)
    urllib2.install_opener(opener)
    
