gnutls_x509_crl_sign2 man page

gnutls_x509_crl_sign2 — API function


#include <gnutls/x509.h>

int gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, gnutls_x509_privkey_t issuer_key, gnutls_digest_algorithm_t dig, unsigned int flags);


gnutls_x509_crl_t crl
should contain a gnutls_x509_crl_t type
gnutls_x509_crt_t issuer
is the certificate of the certificate issuer
gnutls_x509_privkey_t issuer_key
holds the issuer's private key
gnutls_digest_algorithm_t dig
The message digest to use. GNUTLS_DIG_SHA256 is the safe choice unless you know what you're doing.
unsigned int flags
must be 0


This function will sign the CRL with the issuer's private key, and will copy the issuer's information into the CRL.

This must be the last step in generating a CRL, since all the previously set parameters are now signed.

A known limitation of this function is that a newly signed CRL will not be fully functional (e.g., for signature verification) until it is exported and re-imported.


On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.

Reporting Bugs

Report bugs to <>.
Home page:

See Also

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit


3.5.8 gnutls gnutls