curl, see the
-E, --cert <certificate[:password]> switches in its manual page. Excerpt:
If curl is built against OpenSSL library, and the engine pkcs11 is available, then a PKCS#11 URI (RFC 7512) can be used to specify a certificate located in a PKCS#11 device. A string beginning with “pkcs11:” will be interpreted as a PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set as “pkcs11” if none was provided and the --cert-type option will be set as “ENG” if none was provided.
As long as OpenSSL is supported and the engine is configurable it should be possible with any tool / library.
I do not think we have any documentation for this in general unfortunately. Perhaps OpenSC discussion list would help you too (1) (2). For further searches I recommend looking for terms like following the conjointly:
- curl / python (etc.)
See this OpenSC/Using-pkcs11-tool-and-OpenSSL wiki page as well.
I hope this helps.
PS Have you looked into all links I have sent initially? They are not marked as visited on my side.