gnutls_pkcs11_get_raw_issuer_by_subject_key_id(3) API function


#include <gnutls/pkcs11.h>

int gnutls_pkcs11_get_raw_issuer_by_subject_key_id(const char * url, const gnutls_datum_t * dn, const gnutls_datum_t * spki, gnutls_datum_t * issuer, gnutls_x509_crt_fmt_t fmt, unsigned int flags);


const char * url
A PKCS 11 url identifying a token
const gnutls_datum_t * dn
is the DN to search for (may be NULL)
const gnutls_datum_t * spki
is the subject key ID to search for
gnutls_datum_t * issuer
Will hold the issuer if any in an allocated buffer.
gnutls_x509_crt_fmt_t fmt
The format of the exported issuer.
unsigned int flags
Use zero or flags from GNUTLS_PKCS11_OBJ_FLAG.


This function will return the certificate with the given DN and spki , if it is stored in the token. By default only marked as trusted issuers are retuned. If any issuer should be returned specify GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY in flags .

The name of the function includes issuer because it can be used to discover issuers of certificates.


On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.




Report bugs to <[email protected]>.
Home page:


Copyright © 2001-2016 Free Software Foundation, Inc., and others.
Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.