/**
* gnutls_certificate_set_x509_key_file2:
* @res: is a #gnutls_certificate_credentials_t type.
* @certfile: is a file that containing the certificate list (path) for
* the specified private key, in PKCS7 format, or a list of certificates
* @keyfile: is a file that contains the private key
* @type: is PEM or DER
* @pass: is the password of the key
* @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t
*
* This function sets a certificate/private key pair in the
* gnutls_certificate_credentials_t type. This function may be
* called more than once, in case multiple keys/certificates exist for
* the server. For clients that need to send more than its own end
* entity certificate, e.g., also an intermediate CA cert, then the
* @certfile must contain the ordered certificate chain.
*
* Note that the names in the certificate provided will be considered
* when selecting the appropriate certificate to use (in case of multiple
* certificate/key pairs).
*
* This function can also accept URLs at @keyfile and @certfile. In that case it
* will use the private key and certificate indicated by the URLs. Note
* that the supported URLs are the ones indicated by gnutls_url_is_supported().
* Before GnuTLS 3.4.0 when a URL was specified, the @pass part was ignored and a
* PIN callback had to be registered, this is no longer the case in current releases.
*
* In case the @certfile is provided as a PKCS #11 URL, then the certificate, and its
* present issuers in the token are imported (i.e., forming the required trust chain).
*
* If that function fails to load the @res structure is at an undefined state, it must
* not be reused to load other keys or certificates.
*
* Note that, this function by default returns zero on success and a negative value on error.
* Since 3.5.6, when the flag %GNUTLS_CERTIFICATE_API_V2 is set using gnutls_certificate_set_flags()
* it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair.
*
* Returns: On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior).
*
**/
int
gnutls_certificate_set_x509_key_file2(gnutls_certificate_credentials_t res,
const char *certfile,
const char *keyfile,
gnutls_x509_crt_fmt_t type,
const char *pass, unsigned int flags)
{
int ret;
gnutls_privkey_t rkey;
/* this should be first
*/
if ((ret = _gnutls_read_key_file(res, keyfile, type, pass, flags, &rkey)) < 0)
return ret;
if ((ret = read_cert_file(res, rkey, certfile, type)) < 0) {
gnutls_privkey_deinit(rkey);
return ret;
}
res->ncerts++;
if ((ret = _gnutls_check_key_cert_match(res)) < 0) {
gnutls_assert();
return ret;
}
CRED_RET_SUCCESS(res);
}
/**
* gnutls_certificate_set_x509_key_file:
* @res: is a #gnutls_certificate_credentials_t structure.
* @certfile: is a file that containing the certificate list (path) for
* the specified private key, in PKCS7 format, or a list of certificates
* @keyfile: is a file that contains the private key
* @type: is PEM or DER
*
* This function sets a certificate/private key pair in the
* gnutls_certificate_credentials_t structure. This function may be
* called more than once (in case multiple keys/certificates exist for
* the server). For clients that wants to send more than its own end
* entity certificate (e.g., also an intermediate CA cert) then put
* the certificate chain in @certfile.
*
* Currently only PKCS-1 encoded RSA and DSA private keys are accepted by
* this function.
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t res,
const char *certfile,
const char *keyfile,
gnutls_x509_crt_fmt_t type)
{
int ret;
/* this should be first
*/
if ((ret = read_key_file (res, keyfile, type)) < 0)
return ret;
if ((ret = read_cert_file (res, certfile, type)) < 0)
return ret;
res->ncerts++;
if ((ret = _gnutls_check_key_cert_match (res)) < 0)
{
gnutls_assert ();
return ret;
}
return 0;
}
