Next: p11tool Invocation, Previous: Writing objects, Up: Smart cards and HSMs [Contents][Index]
It is possible to use a PKCS #11 token to a TLS session, as shown in ex-pkcs11-client. In addition the following functions can be used to load PKCS #11 key and certificates by specifying a PKCS #11 URL instead of a filename.
int gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t cred, const char * cafile, gnutls_x509_crt_fmt_t type)int gnutls_certificate_set_x509_key_file2 (gnutls_certificate_credentials_t res, const char * certfile, const char * keyfile, gnutls_x509_crt_fmt_t type, const char * pass, unsigned int flags)cred: is a gnutls_certificate_credentials_t type.
This function adds the system’s default trusted CAs in order to verify client or server certificates.
In the case the system is currently unsupported GNUTLS_E_UNIMPLEMENTED_FEATURE
is returned.
Returns: the number of certificates processed or a negative error code on error.
Since: 3.0.20