1gnutls_pkcs12_simple_parse(3)       gnutls       gnutls_pkcs12_simple_parse(3)
2
3
4

NAME

6       gnutls_pkcs12_simple_parse - API function
7

SYNOPSIS

9       #include <gnutls/pkcs12.h>
10
11       int  gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12, const char * pass‐
12       word, gnutls_x509_privkey_t * key, gnutls_x509_crt_t ** chain, unsigned
13       int  *  chain_len, gnutls_x509_crt_t ** extra_certs, unsigned int * ex‐
14       tra_certs_len, gnutls_x509_crl_t * crl, unsigned int flags);
15

ARGUMENTS

17       gnutls_pkcs12_t p12
18                   A pkcs12 type
19
20       const char * password
21                   optional password used to decrypt the structure,  bags  and
22                   keys.
23
24       gnutls_x509_privkey_t * key
25                   a structure to store the parsed private key.
26
27       gnutls_x509_crt_t ** chain
28                   the corresponding to key certificate chain (may be NULL)
29
30       unsigned int * chain_len
31                   will be updated with the number of additional (may be NULL)
32
33       gnutls_x509_crt_t ** extra_certs
34                   optional pointer to receive an array of additional certifi‐
35                   cates found in the PKCS12 structure (may be NULL).
36
37       unsigned int * extra_certs_len
38                   will be updated with the number of additional certs (may be
39                   NULL).
40
41       gnutls_x509_crl_t * crl
42                   an  optional  structure  to  store  the  parsed CRL (may be
43                   NULL).
44
45       unsigned int flags
46                   should be zero or one of GNUTLS_PKCS12_SP_*
47

DESCRIPTION

49       This function parses a PKCS12 structure in   pkcs12  and  extracts  the
50       private  key,  the corresponding certificate chain, any additional cer‐
51       tificates and a CRL. The structures in  key ,  chain  crl  ,  and   ex‐
52       tra_certs must not be initialized.
53
54       The   extra_certs and  extra_certs_len parameters are optional and both
55       may be set to NULL. If either is non-NULL, then both must be  set.  The
56       value for  extra_certs is allocated using gnutls_malloc().
57
58       Encrypted  PKCS12  bags  and PKCS8 private keys are supported, but only
59       with password based security and the same password for all operations.
60
61       Note that a PKCS12 structure may contain many keys and/or certificates,
62       and  there  is  no way to identify which key/certificate pair you want.
63       For this reason this function is useful for PKCS12 files  that  contain
64       only one key/certificate pair and/or one CRL.
65
66       If  the provided structure has encrypted fields but no password is pro‐
67       vided then this function returns GNUTLS_E_DECRYPTION_FAILED.
68
69       Note that normally the chain constructed does not include  self  signed
70       certificates,  to  comply with TLS' requirements. If, however, the flag
71       GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED is specified then self signed cer‐
72       tificates will be included in the chain.
73
74       Prior  to  using  this function the PKCS 12 structure integrity must be
75       verified using gnutls_pkcs12_verify_mac().
76

RETURNS

78       On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative  er‐
79       ror value.
80

SINCE

82       3.1.0
83

REPORTING BUGS

85       Report bugs to <bugs@gnutls.org>.
86       Home page: https://www.gnutls.org
87
88
90       Copyright © 2001-2023 Free Software Foundation, Inc., and others.
91       Copying  and  distribution  of this file, with or without modification,
92       are permitted in any medium without royalty provided the copyright  no‐
93       tice and this notice are preserved.
94

SEE ALSO

96       The  full  documentation  for gnutls is maintained as a Texinfo manual.
97       If the /usr/share/doc/gnutls/ directory does not contain the HTML  form
98       visit
99
100       https://www.gnutls.org/manual/
101
102gnutls                               3.8.2       gnutls_pkcs12_simple_parse(3)
Impressum