Constructor

Gio.TlsCertificate.new_from_pkcs11_uris

since: 2.68

Declaration

GTlsCertificate*
g_tls_certificate_new_from_pkcs11_uris (
  const gchar* pkcs11_uri,
  const gchar* private_key_pkcs11_uri,
  GError** error
)

Description

Creates a GTlsCertificate from a PKCS #11 URI.

An example pkcs11_uri would be pkcs11:model=Model;manufacturer=Manufacture;serial=1;token=My%20Client%20Certificate;id=%01

Where the token’s layout is:

Object 0:
  URL: pkcs11:model=Model;manufacturer=Manufacture;serial=1;token=My%20Client%20Certificate;id=%01;object=private%20key;type=private
  Type: Private key (RSA-2048)
  ID: 01

Object 1:
  URL: pkcs11:model=Model;manufacturer=Manufacture;serial=1;token=My%20Client%20Certificate;id=%01;object=Certificate%20for%20Authentication;type=cert
  Type: X.509 Certificate (RSA-2048)
  ID: 01

In this case the certificate and private key would both be detected and used as expected. pkcs11_uri may also reference only an X.509 certificate object; the optional private_key_pkcs11_uri then allows using a private key exposed under a different URI.

Note that the private key is not accessed until it is used, so the operation may fail or require a PIN at that later point.
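Because the key is not touched at construction time, a mismatched certificate/key URI pair only shows up later. The following added example (not GLib's code) is a pre-flight check for the two-URI case: it percent-decodes the id attribute of each URI and compares the bytes. The helper names pkcs11_uri_attr and pkcs11_pair_ids_match are hypothetical, and the check assumes the convention, visible in the token layout above, that a certificate and its private key share the same ID.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Percent-decode path attribute `name` of a pkcs11: URI into out.
 * Returns the decoded length, or -1 (wrong scheme, absent, bad %XX, overflow). */
int pkcs11_uri_attr(const char *uri, const char *name, unsigned char *out, size_t cap)
{
    size_t nlen = strlen(name), n = 0;
    if (strncmp(uri, "pkcs11:", 7) != 0) return -1;
    const char *p = uri + 7;
    while (*p && *p != '?') {                      /* path only; query ignored */
        const char *stop = p + strcspn(p, ";?");
        if ((size_t)(stop - p) > nlen && !strncmp(p, name, nlen) && p[nlen] == '=') {
            for (p += nlen + 1; p < stop; p++) {
                unsigned int byte = (unsigned char)*p;
                if (*p == '%') {
                    if (stop - p < 3 || !isxdigit((unsigned char)p[1]) ||
                        !isxdigit((unsigned char)p[2])) return -1;
                    char hex[3] = { p[1], p[2], 0 };
                    byte = (unsigned int)strtoul(hex, NULL, 16);
                    p += 2;
                }
                if (n == cap) return -1;
                out[n++] = (unsigned char)byte;
            }
            return (int)n;
        }
        p = (*stop == ';') ? stop + 1 : stop;
    }
    return -1;
}

/* 1 if both URIs carry the same non-empty decoded id, else 0. */
int pkcs11_pair_ids_match(const char *cert_uri, const char *key_uri)
{
    unsigned char a[64], b[64];
    int la = pkcs11_uri_attr(cert_uri, "id", a, sizeof a);
    int lb = pkcs11_uri_attr(key_uri, "id", b, sizeof b);
    return la > 0 && la == lb && memcmp(a, b, (size_t)la) == 0;
}

#define TOK "pkcs11:model=Model;manufacturer=Manufacture;serial=1;token=My%20Client%20Certificate;"
int main(void)
{   /* URIs taken from the token layout in this page */
    printf("ids match: %d\n", pkcs11_pair_ids_match(
        TOK "id=%01;object=Certificate%20for%20Authentication;type=cert",
        TOK "id=%01;object=private%20key;type=private"));
    return 0;
}
```

An unescaped id=01 decodes to the two ASCII bytes '0' '1', not the single byte 0x01, so this check reports it as not matching id=%01.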

Available since: 2.68

Parameters

pkcs11_uri

Type: const gchar*

A PKCS #11 URI.

The data is owned by the caller of the function.
The value is a NUL terminated UTF-8 string.

private_key_pkcs11_uri

Type: const gchar*

A PKCS #11 URI.

The argument can be NULL.
The data is owned by the caller of the function.
The value is a NUL terminated UTF-8 string.

error

Type: GError **

The return location for a recoverable error.

The argument can be NULL.
If the return location is not NULL, then you must initialize it to a NULL GError*.
The argument will be left initialized to NULL by the constructor if there are no errors.
In case of error, the argument will be set to a newly allocated GError; the caller will take ownership of the data, and be responsible for freeing it.

Return value

Type: GTlsCertificate

The new certificate, or NULL on error.

The caller of the function takes ownership of the data, and is responsible for freeing it.