gnutls_certificate_set_x509_trust_file — API function

Synopsis

#include <gnutls/gnutls.h>

int gnutls_certificate_set_x509_trust_file(gnutls_certificate_credentials_t            cred, const char * cafile, gnutls_x509_crt_fmt_t type);

Arguments

gnutls_certificate_credentials_t            cred

is a gnutls_certificate_credentials_t type.

const char * cafile

is a file containing the list of trusted CAs (DER or PEM list)

gnutls_x509_crt_fmt_t type

is PEM or DER

Description

This function adds the trusted CAs in order to verify client or server certificates. In case of a client this is not required to be called if the certificates are not verified using gnutls_certificate_verify_peers2().  This function may be called multiple times.

In case of a server the names of the CAs set here will be sent to the client if a certificate request is sent. This can be disabled using gnutls_certificate_send_x509_rdn_sequence().

This function can also accept URLs. In that case it will import all certificates that are marked as trusted. Note that the supported URLs are the ones indicated by gnutls_url_is_supported().

Returns

the number of certificates processed

Reporting Bugs

Report bugs to <bugs@gnutls.org>.
Home page: https://www.gnutls.org

See Also

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit

https://www.gnutls.org/manual/

Info

3.6.9 gnutls