gnutls_certificate_set_x509_simple_pkcs12_file - API function


#include <gnutls/gnutls.h>

int gnutls_certificate_set_x509_simple_pkcs12_file(gnutls_certificate_credentials_t res, const char * pkcs12file, gnutls_x509_crt_fmt_t type, const char * password);


gnutls_certificate_credentials_t res is an gnutls_certificate_credentials_t structure.
const char * pkcs12file filename of file containing PKCS12 blob.
gnutls_x509_crt_fmt_t type is PEM or DER of the pkcs12file.
const char * password optional password used to decrypt PKCS12 file, bags and keys.


This function sets a certificate/private key pair and/or a CRL in the gnutls_certificate_credentials_t structure. This function may be called more than once (in case multiple keys/certificates exist for the server).


ed PKCS12 files are supported. Encrypted PKCS12 bags are supported. Encrypted PKCS8 private keys are supported. However, only password based security, and the same password for all operations, are supported.

The private keys may be RSA PKCS1 or DSA private keys encoded in the OpenSSL way.

PKCS12 file may contain many keys and/or certificates, and there is no way to identify which key/certificate pair you want. You should make sure the PKCS12 file only contain one key/certificate pair and/or one CRL.

It is believed that the limitations of this function is acceptable for most usage, and that any more flexibility would introduce complexity that would make it harder to use this functionality at all.


GNUTLS_E_SUCCESS on success, or an error code.


Report bugs to <>.


Copyright © 2008 Free Software Foundation. Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all copies.


The full documentation for gnutls is maintained as a Texinfo manual. If the info and gnutls programs are properly installed at your site, the command
info gnutls
should give you access to the complete manual.

openSUSE Logo