gnutls_x509_crl_privkey_sign - API function
int gnutls_x509_crl_privkey_sign(gnutls_x509_crl_t crl,
gnutls_x509_crt_t issuer, gnutls_privkey_t
issuer_key, gnutls_digest_algorithm_t dig,
unsigned int flags);
- gnutls_x509_crl_t crl
- should contain a gnutls_x509_crl_t type
- gnutls_x509_crt_t issuer
- is the certificate of the certificate issuer
- gnutls_privkey_t issuer_key
- holds the issuer's private key
- gnutls_digest_algorithm_t dig
- The message digest to use. GNUTLS_DIG_SHA256 is the safe choice unless you
know what you're doing.
- unsigned int flags
- must be 0
This function will sign the CRL with the issuer's private key, and will copy the
issuer's information into the CRL.
This must be the last step in a certificate CRL since all the previously set
parameters are now signed.
A known limitation of this function is, that a newly-signed CRL will not be
fully functional (e.g., for signature verification), until it is exported an
After GnuTLS 3.6.1 the value of dig
may be GNUTLS_DIG_UNKNOWN
in that case, a suitable but reasonable for the key algorithm will be
On success, GNUTLS_E_SUCCESS
(0) is returned, otherwise a negative error
Report bugs to <firstname.lastname@example.org>.
Home page: https://www.gnutls.org
Copyright © 2001-2019 Free Software Foundation, Inc., and others.
Copying and distribution of this file, with or without modification, are
permitted in any medium without royalty provided the copyright notice and this
notice are preserved.
The full documentation for gnutls
is maintained as a Texinfo manual. If
the /usr/share/doc/gnutls/ directory does not contain the HTML form visit