gnutls_certificate_set_x509_simple_pkcs12_mem − API function


, const gnutls_datum_t * int

gnutls_certificate_credentials_t res
            is a gnutls_certificate_credentials_t type.

const gnutls_datum_t * p12blob
            the PKCS12 blob.

gnutls_x509_crt_fmt_t type
            is PEM or DER of the  pkcs12file .

const char * password
            optional password used to decrypt PKCS12 file,
            bags and keys.

This function sets a certificate/private key pair and/or a
CRL in the gnutls_certificate_credentials_t type.  This
function may be called more than once (in case multiple
keys/certificates exist for the server).

Encrypted PKCS12 bags and PKCS8 private keys are supported.
However, only password based security, and the same password
for all operations, are supported.

PKCS12 file may contain many keys and/or certificates, and
this function will try to auto−detect based on the key ID
the certificate and key pair to use. If the PKCS12 file
contain the issuer of the selected certificate, it will be
appended to the certificate to form a chain.

If more than one private keys are stored in the PKCS12 file,
then only one key will be read (and it is undefined which

It is believed that the limitations of this function is
acceptable for most usage, and that any more flexibility
would introduce complexity that would make it harder to use
this functionality at all.

GNUTLS_E_SUCCESS (0) on success, or a negative error code.



Report bugs to <>.
Home page:

Copyright © 2001‐2016 Free Software Foundation, Inc., and
Copying and distribution of this file, with or without
modification, are permitted in any medium without royalty
provided the copyright notice and this notice are preserved.

The full documentation for gnutls is maintained as a Texinfo
manual.  If the /usr/share/doc/gnutls/ directory does not
contain the HTML form visit