On first hand please excuse me for my poor english.
I'm developping an application into which i would like to mount an SSL
tunnel using certificate and private key from a pkcs#11 token.
After having check code from openVPN or Stunnel, i don't understand
the way it is done.

Using the following scheme :
- The server onto which i want to connect is configured to check
client certificate.
- on the client i'm programming, i've configured OpenSSL ENGINE to use
engine_pkcs11 with the middleware of my token.
This point seems to be ok since, ENGINE_init is ok, and i can get a
certificate from the smartcard.

If i clearly undertand; using of my token is just during the ssl
handshake to authenticate the user.
So i probably need to sign something with the private key associated
to the certificate i send. this object is stored on a smartcard and is
not exportable, so i need to use a function provided by the middleware
to sign. so i probably need to setup SSL_CTX or SSL object to use a
callback function pointing on the middleware sign function.

is it true ? If it is, could please explain me how to setup my SSL_CTX
or SSL object to do this ?