CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLKEYTYPE, char *type);
The format "ENG" enables you to load the private key from a crypto engine. In this case CURLOPT_SSLKEY(3) is used as an identifier passed to the engine. You have to set the crypto engine with CURLOPT_SSLENGINE(3). "DER" format key file currently does not work because of a bug in OpenSSL.
The application does not have to keep the string around after setting this option.
CURL *curl = curl_easy_init(); if(curl) { curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); curl_easy_setopt(curl, CURLOPT_SSLCERT, "client.pem"); curl_easy_setopt(curl, CURLOPT_SSLKEY, "key.pem"); curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM"); curl_easy_setopt(curl, CURLOPT_KEYPASSWD, "s3cret"); ret = curl_easy_perform(curl); curl_easy_cleanup(curl); }