|
Packit Service |
4684c1 |
|
@deftypefun {int} {gnutls_certificate_set_rawpk_key_file} (gnutls_certificate_credentials_t @var{cred}, const char* @var{rawpkfile}, const char* @var{privkeyfile}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{pass}, unsigned int @var{key_usage}, const char ** @var{names}, unsigned int @var{names_length}, unsigned int @var{privkey_flags}, unsigned int @var{pkcs11_flags})
@var{cred}: is a @code{gnutls_certificate_credentials_t} type.

@var{rawpkfile}: contains a raw public key in
PKIX.SubjectPublicKeyInfo format.

@var{privkeyfile}: contains a file path to a private key.

@var{format}: encoding of the keys. DER or PEM.

@var{pass}: an optional password to unlock the private key @var{privkeyfile}.

@var{key_usage}: an ORed sequence of @code{GNUTLS_KEY_*} flags.

@var{names}: is an array of DNS names belonging to the public-key (NULL if none).

@var{names_length}: holds the length of the names list.

@var{privkey_flags}: an ORed sequence of @code{gnutls_pkcs_encrypt_flags_t}.
These apply to the private key @var{privkeyfile}.

@var{pkcs11_flags}: one of @code{gnutls_pkcs11_obj_flags}. These apply to URLs.

This function sets a public/private keypair read from file in the
@code{gnutls_certificate_credentials_t} type to be used for authentication
and/or encryption. The raw public key (@code{spki}) and the private key
(@code{privkey}) should match, otherwise signatures cannot be validated.
In case of no match this function
returns @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH}. This function should
be called once for the client because there is currently no mechanism
to determine which raw public-key to select for the peer when there
are multiple present. Multiple raw public keys for the server can be
distinguished by setting the @var{names}.

Note here that @code{spki} is a raw public-key as defined
in RFC 7250. It means that there is no surrounding certificate that
holds the public key and that there is therefore no direct mechanism
to prove the authenticity of this key. The keypair can be used during
a TLS handshake but its authenticity should be established via a
different mechanism (e.g. TOFU or known fingerprint).

The supported formats are basic unencrypted key, PKCS8, PKCS12,
and the openssl format; the format is autodetected.

If the raw public-key and the private key are given in PEM encoding,
then the strings that hold their values must be null terminated.

Key usage (as defined by X.509 extension (2.5.29.15)) can be explicitly
set because there is no certificate structure around the key to define
this value. For more information see @code{gnutls_x509_crt_get_key_usage()}.

Note that this function by default returns zero on success and a
negative value on error. Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2}
is set using @code{gnutls_certificate_set_flags()}, it returns an index
(greater than or equal to zero). That index can be used in other functions
to refer to the added key-pair.

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned; in case the
key pair does not match, @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} is returned;
in other erroneous cases a different negative error code is returned.

@strong{Since:} 3.6.6
@end deftypefun
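
One way to implement the out-of-band authenticity check that the RFC 7250 note above calls for, as an added example that is not part of the GnuTLS documentation or code: it verifies that a blob has the outer shape of a DER SubjectPublicKeyInfo and pins its exact bytes per peer name on first use. All names (`tofu_check`, `spki_shape_ok`, `struct pin_store`, `sample_spki`) are hypothetical, the sample key is constructed, and the pin store is kept in memory only.

```c
#include <stddef.h>
#include <string.h>

/* Added example; every name here is hypothetical, none of it is GnuTLS API. */
enum pin_result { PIN_NEW, PIN_MATCH, PIN_MISMATCH, PIN_INVALID };
struct pin { char name[64]; unsigned char spki[640]; size_t len; };
struct pin_store { struct pin pins[8]; size_t count; };
/* Constructed sample: Ed25519 SPKI header; the 32 key bytes are left as zero filler. */
static const unsigned char sample_spki[44] = {
    0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00 };

/* Parse one DER header with the expected tag; returns header size, 0 on error. */
static size_t der_hdr(const unsigned char *p, size_t n, unsigned char tag, size_t *len) {
    if (n < 2 || p[0] != tag) return 0;
    if (p[1] < 0x80) { *len = p[1]; return 2; }
    size_t k = p[1] & 0x7f;                       /* count of length bytes */
    if (k == 0 || k > 2 || n < 2 + k) return 0;
    *len = (k == 1) ? p[2] : ((size_t)p[2] << 8) | p[3];
    return (*len < 0x80 || (k == 2 && *len < 0x100)) ? 0 : 2 + k; /* DER: minimal */
}

/* SubjectPublicKeyInfo ::= SEQUENCE { algorithm SEQUENCE, subjectPublicKey BIT STRING } */
int spki_shape_ok(const unsigned char *d, size_t n) {
    size_t len, h = der_hdr(d, n, 0x30, &len);
    if (!h || len != n - h) return 0;             /* outer SEQUENCE must span the blob */
    d += h; n -= h;
    h = der_hdr(d, n, 0x30, &len);                /* AlgorithmIdentifier */
    if (!h || len > n - h) return 0;
    d += h + len; n -= h + len;
    h = der_hdr(d, n, 0x03, &len);                /* BIT STRING holding the key */
    return h && len >= 1 && len == n - h;
}

/* Trust on first use: pin the exact SPKI bytes per peer name, reject any change. */
enum pin_result tofu_check(struct pin_store *s, const char *name,
                           const unsigned char *spki, size_t len) {
    struct pin *p = s->pins, *end = s->pins + s->count;
    if (!spki_shape_ok(spki, len) || len > sizeof p->spki || strlen(name) >= sizeof p->name)
        return PIN_INVALID;
    for (; p < end; p++)
        if (strcmp(p->name, name) == 0)
            return (p->len == len && !memcmp(p->spki, spki, len)) ? PIN_MATCH : PIN_MISMATCH;
    if (s->count == sizeof s->pins / sizeof s->pins[0]) return PIN_INVALID; /* store full */
    strcpy(p->name, name);                        /* p is the first free slot here */
    memcpy(p->spki, spki, len);
    p->len = len; s->count++;
    return PIN_NEW;
}
```

A `PIN_MISMATCH` result should fail the connection and be logged; silently re-pinning on mismatch removes the protection TOFU provides.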