Provided by: gnutls-doc_3.8.3-1.1ubuntu3.4_all bug

NAME
       gnutls_pkcs12_simple_parse - API function


SYNOPSIS
       #include <gnutls/pkcs12.h>

       int  gnutls_pkcs12_simple_parse(gnutls_pkcs12_t  p12, const char * password, gnutls_x509_privkey_t * key,
       gnutls_x509_crt_t ** chain, unsigned int * chain_len, gnutls_x509_crt_t ** extra_certs,  unsigned  int  *
       extra_certs_len, gnutls_x509_crl_t * crl, unsigned int flags);


ARGUMENTS
       gnutls_pkcs12_t p12
                   A pkcs12 type

       const char * password
                   optional password used to decrypt the structure, bags and keys.

       gnutls_x509_privkey_t * key
                   a structure to store the parsed private key.

       gnutls_x509_crt_t ** chain
                   the corresponding to key certificate chain (may be NULL)

       unsigned int * chain_len
                   will be updated with the number of additional (may be NULL)

       gnutls_x509_crt_t ** extra_certs
                   optional pointer to receive an array of additional certificates found in the PKCS12 structure
                   (may be NULL).

       unsigned int * extra_certs_len
                   will be updated with the number of additional certs (may be NULL).

       gnutls_x509_crl_t * crl
                   an optional structure to store the parsed CRL (may be NULL).

       unsigned int flags
                   should be zero or one of GNUTLS_PKCS12_SP_*


DESCRIPTION
       This  function  parses  a  PKCS12  structure  in   pkcs12 and extracts the private key, the corresponding
       certificate chain, any additional certificates and a CRL. The structures in  key  ,   chain   crl  ,  and
       extra_certs must not be initialized.

       The   extra_certs  and  extra_certs_len parameters are optional and both may be set to NULL. If either is
       non-NULL, then both must be set. The value for  extra_certs is allocated using gnutls_malloc().

       Encrypted PKCS12 bags and PKCS8 private keys are supported, but only with password based security and the
       same password for all operations.

       Note that a PKCS12 structure may contain many keys and/or certificates, and there is no way  to  identify
       which  key/certificate  pair  you  want.   For  this reason this function is useful for PKCS12 files that
       contain only one key/certificate pair and/or one CRL.

       If the provided structure has encrypted fields but no password is provided  then  this  function  returns
       GNUTLS_E_DECRYPTION_FAILED.

       Note  that  normally the chain constructed does not include self signed certificates, to comply with TLS'
       requirements. If, however, the flag GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED is specified  then  self  signed
       certificates will be included in the chain.

       Prior   to   using   this   function   the   PKCS   12   structure   integrity  must  be  verified  using
       gnutls_pkcs12_verify_mac().


RETURNS
       On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.


SINCE
       3.1.0


REPORTING BUGS
       Report bugs to <bugs@gnutls.org>.
       Home page: https://www.gnutls.org


COPYRIGHT
       Copyright © 2001-2023 Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without modification, are permitted in any medium  without
       royalty provided the copyright notice and this notice are preserved.


SEE ALSO
       The  full  documentation  for  gnutls  is  maintained as a Texinfo manual.  If the /usr/share/doc/gnutls/
       directory does not contain the HTML form visit

       https://www.gnutls.org/manual/

gnutls                                                3.8.3                        gnutls_pkcs12_simple_parse(3)