gnutls_certificate_set_x509_key_mem2 — API function


#include <gnutls/gnutls.h>
int gnutls_certificate_set_x509_key_mem2( gnutls_certificate_credentials_t res,
  const gnutls_datum_t * cert,
  const gnutls_datum_t * key,
  gnutls_x509_crt_fmt_t type,
  const char * pass,
  unsigned int flags);


gnutls_certificate_credentials_t res

is a gnutls_certificate_credentials_t structure.

const gnutls_datum_t * cert

contains a certificate list (path) for the specified private key

const gnutls_datum_t * key

is the private key, or NULL

gnutls_x509_crt_fmt_t type

is PEM or DER

const char * pass

is the key's password

unsigned int flags

an ORed sequence of gnutls_pkcs_encrypt_flags_t


This function sets a certificate/private key pair in the gnutls_certificate_credentials_t structure. This function may be called more than once, in case multiple keys/certificates exist for the server.

Note that the keyUsage ( PKIX extension in X.509 certificates is supported. This means that certificates intended for signing cannot be used for ciphersuites that require encryption.

If the certificate and the private key are given in PEM encoding then the strings that hold their values must be null terminated.

The key may be NULL if you are using a sign callback, see gnutls_sign_callback_set().


GNUTLS_E_SUCCESS (0) on success, or a negative error code.


Report bugs to <>.

General guidelines for reporting bugs:

GnuTLS home page:


The full documentation for gnutls is maintained as a Texinfo manual. If the info and gnutls programs are properly installed at your site, the command

info gnutls

should give you access to the complete manual. As an alternative you may obtain the manual from:


Copyright © 2001-2013 Free Software Foundation, Inc..

Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.