Ludolf Holzheid wrote:
error stack: 26096080 : error:26096080:engine routines:ENGINE_load_private_key:failed loading private key error stack: 800050A0 : error:800050A0:Vendor defined:PKCS11_login:PIN incorrect
Do I have to add a special engine control option to the configuration file in order to get asked for the PIN or is it intended to `just work'?
There is no need to add any special options. It worked since stunnel 4.18, and I have tested it with some other tokens.
I guess you have the problem with the engine-pkcs11-0.1.4 bug introduced by Andreas Hasenack: http://www.opensc-project.org/engine_pkcs11/changeset/54 I guess Andreas was reading sources of OpenSSL sample applications and incorrectly assumed that any other application is expected to use the same structure for user callback data.
The problem was already reported to OpenSC developers: http://www.opensc-project.org/engine_pkcs11/ticket/11
Best regards, Mike