/** * gnutls_certificate_set_x509_key_mem2: * @res: is a #gnutls_certificate_credentials_t type. * @cert: contains a certificate list (path) for the specified private key * @key: is the private key, or %NULL * @type: is PEM or DER * @pass: is the key's password * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t * * This function sets a certificate/private key pair in the * gnutls_certificate_credentials_t type. This function may be called * more than once, in case multiple keys/certificates exist for the * server. * * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates * is supported. This means that certificates intended for signing cannot * be used for ciphersuites that require encryption. * * If the certificate and the private key are given in PEM encoding * then the strings that hold their values must be null terminated. * * The @key may be %NULL if you are using a sign callback, see * gnutls_sign_callback_set(). * * Note that, this function by default returns zero on success and a negative value on error. * Since 3.5.6, when the flag %GNUTLS_CERTIFICATE_API_V2 is set using gnutls_certificate_set_flags() * it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. * * Returns: On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). **/ int gnutls_certificate_set_x509_key_mem2(gnutls_certificate_credentials_t res, const gnutls_datum_t * cert, const gnutls_datum_t * key, gnutls_x509_crt_fmt_t type, const char *pass, unsigned int flags) { int ret; gnutls_privkey_t rkey; /* this should be first */ if ((ret = _gnutls_read_key_mem(res, key ? key->data : NULL, key ? key->size : 0, type, pass, flags, &rkey)) < 0) return ret; if ((ret = read_cert_mem(res, rkey, cert->data, cert->size, type)) < 0) { gnutls_privkey_deinit(rkey); return ret; } res->ncerts++; if (key && (ret = _gnutls_check_key_cert_match(res)) < 0) { gnutls_assert(); return ret; } CRED_RET_SUCCESS(res); }
/** * gnutls_certificate_set_x509_key_mem: * @res: is a #gnutls_certificate_credentials_t structure. * @cert: contains a certificate list (path) for the specified private key * @key: is the private key, or %NULL * @type: is PEM or DER * * This function sets a certificate/private key pair in the * gnutls_certificate_credentials_t structure. This function may be called * more than once (in case multiple keys/certificates exist for the * server). * * Currently are supported: RSA PKCS-1 encoded private keys, * DSA private keys. * * DSA private keys are encoded the OpenSSL way, which is an ASN.1 * DER sequence of 6 INTEGERs - version, p, q, g, pub, priv. * * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates * is supported. This means that certificates intended for signing cannot * be used for ciphersuites that require encryption. * * If the certificate and the private key are given in PEM encoding * then the strings that hold their values must be null terminated. * * The @key may be %NULL if you are using a sign callback, see * gnutls_sign_callback_set(). * * Returns: %GNUTLS_E_SUCCESS on success, or an error code. **/ int gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t res, const gnutls_datum_t * cert, const gnutls_datum_t * key, gnutls_x509_crt_fmt_t type) { int ret; /* this should be first */ if ((ret = read_key_mem (res, key ? key->data : NULL, key ? key->size : 0, type)) < 0) return ret; if ((ret = read_cert_mem (res, cert->data, cert->size, type)) < 0) return ret; res->ncerts++; if (key && (ret = _gnutls_check_key_cert_match (res)) < 0) { gnutls_assert (); return ret; } return 0; }
/* Reads a certificate file */ static int read_cert_file(gnutls_certificate_credentials_t res, gnutls_privkey_t key, const char *certfile, gnutls_x509_crt_fmt_t type) { int ret; size_t size; char *data; if (gnutls_url_is_supported(certfile)) { return read_cert_url(res, key, certfile); } data = read_binary_file(certfile, &size); if (data == NULL) { gnutls_assert(); return GNUTLS_E_FILE_ERROR; } ret = read_cert_mem(res, key, data, size, type); free(data); return ret; }
/* Reads a certificate file */ static int read_cert_file (gnutls_certificate_credentials_t res, const char *certfile, gnutls_x509_crt_fmt_t type) { int ret; size_t size; char *data = read_binary_file (certfile, &size); if (data == NULL) { gnutls_assert (); return GNUTLS_E_FILE_ERROR; } ret = read_cert_mem (res, data, size, type); free (data); return ret; }