gnutls_x509_crl_privkey_sign — API function

Synopsis

#include <gnutls/abstract.h>

int gnutls_x509_crl_privkey_sign(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, gnutls_privkey_t issuer_key, gnutls_digest_algorithm_t dig, unsigned int flags);

Arguments

gnutls_x509_crl_t crl

should contain a gnutls_x509_crl_t type

gnutls_x509_crt_t issuer

is the certificate of the certificate issuer

gnutls_privkey_t issuer_key

holds the issuer's private key

gnutls_digest_algorithm_t dig

The message digest to use. GNUTLS_DIG_SHA256 is the safe choice unless you know what you're doing.

unsigned int flags

must be 0

Description

This function will sign the CRL with the issuer's private key, and will copy the issuer's information into the CRL.

This must be the last step in a certificate CRL since all the previously set parameters are now signed.

A known limitation of this function is, that a newly-signed CRL will not be fully functional (e.g., for signature verification), until it is exported an re-imported.

After GnuTLS 3.6.1 the value of  dig may be GNUTLS_DIG_UNKNOWN, and in that case, a suitable but reasonable for the key algorithm will be selected.

Returns

On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.

Since 2.12.0

Reporting Bugs

Report bugs to <bugs@gnutls.org>.
Home page: https://www.gnutls.org

See Also

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit

https://www.gnutls.org/manual/

Info

3.6.9 gnutls