gnutls_certificate_set_x509_key_mem — API function

Synopsis

#include <gnutls/gnutls.h>

int gnutls_certificate_set_x509_key_mem(gnutls_certificate_credentials_t res, const gnutls_datum_t * cert, const gnutls_datum_t * key, gnutls_x509_crt_fmt_t type);

Arguments

gnutls_certificate_credentials_t res

is a gnutls_certificate_credentials_t type.

const gnutls_datum_t * cert

contains a certificate list (path) for the specified private key

const gnutls_datum_t * key

is the private key, or NULL

gnutls_x509_crt_fmt_t type

is PEM or DER

Description

This function sets a certificate/private key pair in the gnutls_certificate_credentials_t type. This function may be called more than once, in case multiple keys/certificates exist for the server.

Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates is supported. This means that certificates intended for signing cannot be used for ciphersuites that require encryption.

If the certificate and the private key are given in PEM encoding then the strings that hold their values must be null terminated.

The  key may be NULL if you are using a sign callback, see gnutls_sign_callback_set().

Note that, this function by default returns zero on success and a negative value on error. Since 3.5.6, when the flag GNUTLS_CERTIFICATE_API_V2 is set using gnutls_certificate_set_flags() it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair.

Returns

On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior).

Reporting Bugs

Report bugs to <bugs@gnutls.org>.
Home page: https://www.gnutls.org

See Also

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit

https://www.gnutls.org/manual/

Info

3.6.9 gnutls