since: 2.28


g_tls_certificate_new_from_pem (
  const gchar* data,
  gssize length,
  GError** error


Creates a GTlsCertificate from the PEM-encoded data in data. If data includes both a certificate and a private key, then the returned certificate will include the private key data as well. (See the GTlsCertificate:private-key-pem property for information about supported formats.)

The returned certificate will be the first certificate found in data. As of GLib 2.44, if data contains more certificates it will try to load a certificate chain. All certificates will be verified in the order found (top-level certificate should be the last one in the file) and the GTlsCertificate:issuer property of each certificate will be set accordingly if the verification succeeds. If any certificate in the chain cannot be verified, the first certificate in the file will still be returned.

Available since: 2.28



Type: const gchar*

PEM-encoded certificate data.

The data is owned by the caller of the function.
The value is a NUL terminated UTF-8 string.

Type: gssize

The length of data, or -1 if it’s 0-terminated.


Type: GError **

The return location for a recoverable error.

The argument can be NULL.
If the return location is not NULL, then you must initialize it to a NULL GError*.
The argument will left initialized to NULL by the constructor if there are no errors.
In case of error, the argument will be set to a newly allocated GError; the caller will take ownership of the data, and be responsible for freeing it.

Return value

Type: GTlsCertificate

The new certificate, or NULL if data is invalid.

The caller of the function takes ownership of the data, and is responsible for freeing it.