int gnutls_certificate_set_x509_simple_pkcs12_mem(gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob, gnutls_x509_crt_fmt_t type, const char * password);
- gnutls_certificate_credentials_t res
- is a gnutls_certificate_credentials_t type.
- const gnutls_datum_t * p12blob
- the PKCS12 blob.
- gnutls_x509_crt_fmt_t type
- is PEM or DER of the pkcs12file .
- const char * password
- optional password used to decrypt PKCS12 file, bags and keys.
DESCRIPTIONThis function sets a certificate/private key pair and/or a CRL in the gnutls_certificate_credentials_t type. This function may be called more than once (in case multiple keys/certificates exist for the server).
Encrypted PKCS12 bags and PKCS8 private keys are supported. However, only password based security, and the same password for all operations, are supported.
PKCS12 file may contain many keys and/or certificates, and this function will try to auto-detect based on the key ID the certificate and key pair to use. If the PKCS12 file contain the issuer of the selected certificate, it will be appended to the certificate to form a chain.
If more than one private keys are stored in the PKCS12 file, then only one key will be read (and it is undefined which one).
It is believed that the limitations of this function is acceptable for most usage, and that any more flexibility would introduce complexity that would make it harder to use this functionality at all.
RETURNSGNUTLS_E_SUCCESS (0) on success, or a negative error code.
COPYRIGHTCopyright © 2001-2016 Free Software Foundation, Inc., and others.
Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.