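/**
 * gnutls_x509_crt_privkey_sign:
 * @crt: a certificate of type #gnutls_x509_crt_t
 * @issuer: is the certificate of the certificate issuer
 * @issuer_key: holds the issuer's private key
 * @dig: The message digest to use. GNUTLS_DIG_SHA256 is the safe choice unless you know what you're doing.
 * @flags: must be 0 (this function does not read it)
 *
 * This function will sign the certificate with the issuer's private key, and
 * will copy the issuer's information into the certificate.
 *
 * This must be the last step in a certificate generation since all
 * the previously set parameters are now signed.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value. %GNUTLS_E_INVALID_REQUEST is returned when @crt,
 * @issuer or @issuer_key is %NULL.
 **/
int gnutls_x509_crt_privkey_sign(gnutls_x509_crt_t crt,
				 gnutls_x509_crt_t issuer,
				 gnutls_privkey_t issuer_key,
				 gnutls_digest_algorithm_t dig,
				 unsigned int flags)
{
	int result;

	/* Reject missing handles before anything is touched, so a NULL
	 * certificate or key never reaches the signing path. */
	if (crt == NULL || issuer == NULL || issuer_key == NULL)
		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);

	/* disable all the unneeded OPTIONAL fields. */
	disable_optional_stuff(crt);

	/* Sign the tbsCertificate structure with @dig; any failure from the
	 * signing helper is propagated unchanged to the caller. */
	result = _gnutls_x509_pkix_sign(crt->cert, "tbsCertificate", dig,
					issuer, issuer_key);
	if (result < 0)
		return gnutls_assert_val(result);

	return 0;
}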
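/**
 * gnutls_x509_crl_privkey_sign:
 * @crl: should contain a gnutls_x509_crl_t type
 * @issuer: is the certificate of the certificate issuer
 * @issuer_key: holds the issuer's private key
 * @dig: The message digest to use. GNUTLS_DIG_SHA256 is the safe choice unless you know what you're doing.
 * @flags: must be 0 (this function does not read it)
 *
 * This function will sign the CRL with the issuer's private key, and
 * will copy the issuer's information into the CRL.
 *
 * This must be the last step in a certificate CRL since all
 * the previously set parameters are now signed.
 *
 * A known limitation of this function is, that a newly-signed CRL will not
 * be fully functional (e.g., for signature verification), until it
 * is exported and re-imported.
 *
 * After GnuTLS 3.6.1 the value of @dig may be %GNUTLS_DIG_UNKNOWN,
 * and in that case a hash algorithm suitable for the issuer's key
 * algorithm will be selected.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value. %GNUTLS_E_INVALID_REQUEST is returned when @crl,
 * @issuer or @issuer_key is %NULL.
 *
 * Since 2.12.0
 **/
int gnutls_x509_crl_privkey_sign(gnutls_x509_crl_t crl,
				 gnutls_x509_crt_t issuer,
				 gnutls_privkey_t issuer_key,
				 gnutls_digest_algorithm_t dig,
				 unsigned int flags)
{
	int result;

	/* Reject missing handles before anything is touched; @issuer_key is
	 * checked here too, so a NULL key never reaches the signing path. */
	if (crl == NULL || issuer == NULL || issuer_key == NULL)
		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);

	/* %GNUTLS_DIG_UNKNOWN (0): derive the digest from the issuer's key
	 * rather than signing with an unspecified hash. */
	if (dig == 0) {
		result = gnutls_x509_crt_get_preferred_hash_algorithm(issuer,
								      &dig,
								      NULL);
		if (result < 0)
			return gnutls_assert_val(result);
	}

	/* disable all the unneeded OPTIONAL fields. */
	disable_optional_stuff(crl);

	/* Sign the tbsCertList structure with @dig; any failure from the
	 * signing helper is propagated unchanged to the caller. */
	result = _gnutls_x509_pkix_sign(crl->crl, "tbsCertList", dig, 0,
					issuer, issuer_key);
	if (result < 0)
		return gnutls_assert_val(result);

	return 0;
}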