gnutls_x509_crl_sign2 — API function


#include <gnutls/x509.h>
int gnutls_x509_crl_sign2( gnutls_x509_crl_t crl,
  gnutls_x509_crt_t issuer,
  gnutls_x509_privkey_t issuer_key,
  gnutls_digest_algorithm_t dig,
  unsigned int flags);


gnutls_x509_crl_t crl

should contain a gnutls_x509_crl_t structure

gnutls_x509_crt_t issuer

is the certificate of the certificate issuer

gnutls_x509_privkey_t issuer_key

holds the issuer's private key

gnutls_digest_algorithm_t dig

The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing.

unsigned int flags

must be 0


This function will sign the CRL with the issuer's private key, and will copy the issuer's information into the CRL.

This must be the last step in a certificate CRL since all the previously set parameters are now signed.


On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.


Report bugs to <>.

General guidelines for reporting bugs:

GnuTLS home page:


The full documentation for gnutls is maintained as a Texinfo manual. If the info and gnutls programs are properly installed at your site, the command

info gnutls

should give you access to the complete manual. As an alternative you may obtain the manual from:


Copyright © 2001-2013 Free Software Foundation, Inc..

Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.