gnutls_pkcs11_get_raw_issuer_by_subject_key_id — API function


#include <gnutls/pkcs11.h>

int gnutls_pkcs11_get_raw_issuer_by_subject_key_id(const char * url, const gnutls_datum_t * dn, const gnutls_datum_t * spki, gnutls_datum_t * issuer, gnutls_x509_crt_fmt_t fmt, unsigned int flags);


const char * url
A PKCS 11 url identifying a token
const gnutls_datum_t * dn
is the DN to search for (may be NULL)
const gnutls_datum_t * spki
is the subject key ID to search for
gnutls_datum_t * issuer
Will hold the issuer if any in an allocated buffer.
gnutls_x509_crt_fmt_t fmt
The format of the exported issuer.
unsigned int flags
Use zero or flags from GNUTLS_PKCS11_OBJ_FLAG.


This function will return the certificate with the given DN and spki , if it is stored in the token. By default only marked as trusted issuers are retuned. If any issuer should be returned specify GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY in flags .

The name of the function includes issuer because it can be used to discover issuers of certificates.


On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.



Reporting Bugs

Report bugs to <>.
Home page:

See Also

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit


3.5.8 gnutls gnutls