Esempio n. 1
0
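/**
 * gnutls_certificate_set_x509_key_mem2:
 * @res: is a #gnutls_certificate_credentials_t type.
 * @cert: contains a certificate list (in memory) for the specified private key; must not be %NULL
 * @key: is the private key, or %NULL
 * @type: is PEM or DER
 * @pass: is the key's password
 * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t
 *
 * This function sets a certificate/private key pair in the
 * gnutls_certificate_credentials_t type. This function may be called
 * more than once, in case multiple keys/certificates exist for the
 * server.
 *
 * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates
 * is supported. This means that certificates intended for signing cannot
 * be used for ciphersuites that require encryption.
 *
 * If the certificate and the private key are given in PEM encoding
 * then the strings that hold their values must be null terminated.
 *
 * The @key may be %NULL if you are using a sign callback, see
 * gnutls_sign_callback_set().
 *
 * Note that, by default, this function returns zero on success and a negative value on error.
 * Since 3.5.6, when the flag %GNUTLS_CERTIFICATE_API_V2 is set using gnutls_certificate_set_flags()
 * it returns an index (greater or equal to zero). That index can be used in other functions to refer to the added key-pair.
 *
 * Returns: On success this function returns zero, and otherwise a negative value
 * on error (see above for modifying that behavior). %GNUTLS_E_INVALID_REQUEST is
 * returned when @cert is %NULL.
 **/
int
gnutls_certificate_set_x509_key_mem2(gnutls_certificate_credentials_t res,
				     const gnutls_datum_t * cert,
				     const gnutls_datum_t * key,
				     gnutls_x509_crt_fmt_t type,
				     const char *pass, unsigned int flags)
{
	int ret;
	gnutls_privkey_t rkey;

	/* @cert is dereferenced unconditionally below; reject a missing
	 * certificate list up front instead of faulting on it. */
	if (cert == NULL) {
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	/* this should be first
	 */
	ret = _gnutls_read_key_mem(res, key ? key->data : NULL,
				   key ? key->size : 0, type, pass,
				   flags, &rkey);
	if (ret < 0)
		return ret;

	ret = read_cert_mem(res, rkey, cert->data, cert->size, type);
	if (ret < 0) {
		/* nothing has taken ownership of @rkey yet, so release it here */
		gnutls_privkey_deinit(rkey);
		return ret;
	}

	res->ncerts++;

	/* NOTE(review): @rkey is not released on this failure path;
	 * presumably read_cert_mem() has already attached it to @res
	 * (contrast the path above) - confirm against read_cert_mem(). */
	if (key && (ret = _gnutls_check_key_cert_match(res)) < 0) {
		gnutls_assert();
		return ret;
	}

	CRED_RET_SUCCESS(res);
}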
Esempio n. 2
0
/**
 * gnutls_certificate_set_x509_key_mem:
 * @res: is a #gnutls_certificate_credentials_t structure.
 * @cert: contains a certificate list (path) for the specified private key
 * @key: is the private key, or %NULL
 * @type: is PEM or DER
 *
 * Installs one certificate/private key pair into the
 * gnutls_certificate_credentials_t structure. Calling it repeatedly is
 * allowed, so that a server can hold several keys/certificates.
 *
 * Currently are supported: RSA PKCS-1 encoded private keys,
 * DSA private keys.
 *
 * DSA private keys are encoded the OpenSSL way, which is an ASN.1
 * DER sequence of 6 INTEGERs - version, p, q, g, pub, priv.
 *
 * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates
 * is supported. This means that certificates intended for signing cannot
 * be used for ciphersuites that require encryption.
 *
 * If the certificate and the private key are given in PEM encoding
 * then the strings that hold their values must be null terminated.
 *
 * The @key may be %NULL if you are using a sign callback, see
 * gnutls_sign_callback_set(). In that case no key/certificate match
 * check is performed.
 *
 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
 **/
int
gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t res,
				     const gnutls_datum_t * cert,
				     const gnutls_datum_t * key,
				     gnutls_x509_crt_fmt_t type)
{
  int ret;

  /* The key has to be processed before the certificate list. */
  ret = read_key_mem (res, key ? key->data : NULL,
		      key ? key->size : 0, type);
  if (ret < 0)
    return ret;

  ret = read_cert_mem (res, cert->data, cert->size, type);
  if (ret < 0)
    return ret;

  res->ncerts++;

  /* Without a key there is nothing to match the certificate against. */
  if (key == NULL)
    return 0;

  ret = _gnutls_check_key_cert_match (res);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }

  return 0;
}
Esempio n. 3
0
/* Reads a certificate file.
 *
 * A @certfile that gnutls_url_is_supported() recognises is handed to
 * read_cert_url(); anything else is loaded from disk and parsed via
 * read_cert_mem(). Returns a negative error code on failure.
 */
static int
read_cert_file(gnutls_certificate_credentials_t res,
	       gnutls_privkey_t key,
	       const char *certfile, gnutls_x509_crt_fmt_t type)
{
	size_t len;
	char *contents;
	int ret;

	/* URLs are not files on disk; let the URL reader handle them */
	if (gnutls_url_is_supported(certfile))
		return read_cert_url(res, key, certfile);

	contents = read_binary_file(certfile, &len);
	if (contents == NULL) {
		gnutls_assert();
		return GNUTLS_E_FILE_ERROR;
	}

	ret = read_cert_mem(res, key, contents, len, type);
	/* the buffer is ours; read_cert_mem() does not keep it */
	free(contents);

	return ret;
}
Esempio n. 4
0
/* Reads a certificate file.
 *
 * Loads @certfile into memory and parses it with read_cert_mem().
 * Returns %GNUTLS_E_FILE_ERROR when the file cannot be read, otherwise
 * whatever read_cert_mem() returns.
 */
static int
read_cert_file (gnutls_certificate_credentials_t res,
		const char *certfile, gnutls_x509_crt_fmt_t type)
{
  size_t len;
  int ret;
  char *contents;

  contents = read_binary_file (certfile, &len);
  if (contents == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_FILE_ERROR;
    }

  ret = read_cert_mem (res, contents, len, type);
  /* the buffer is ours to release once parsed */
  free (contents);

  return ret;
}