Provided by: gnutls-doc_3.6.9-5ubuntu1_all bug


       gnutls_x509_crt_privkey_sign - API function


       #include <gnutls/abstract.h>

       int    gnutls_x509_crt_privkey_sign(gnutls_x509_crt_t   crt,   gnutls_x509_crt_t   issuer,
       gnutls_privkey_t issuer_key, gnutls_digest_algorithm_t dig, unsigned int flags);


       gnutls_x509_crt_t crt
                   a certificate of type gnutls_x509_crt_t

       gnutls_x509_crt_t issuer
                   is the certificate of the certificate issuer

       gnutls_privkey_t issuer_key
                   holds the issuer's private key

       gnutls_digest_algorithm_t dig
                   The message digest to use, GNUTLS_DIG_SHA256 is a safe choice

       unsigned int flags
                   must be 0


       This function will sign the certificate with the issuer's private key, and will  copy  the
       issuer's information into the certificate.

       This  must  be  the  last  step  in  a certificate generation since all the previously set
       parameters are now signed.

       A known limitation of this function is, that a newly-signed certificate will not be  fully
       functional (e.g., for signature verification), until it is exported an re-imported.

       After  GnuTLS  3.6.1  the  value  of   dig  may be GNUTLS_DIG_UNKNOWN, and in that case, a
       suitable but reasonable for the key algorithm will be selected.


       On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.


       Report bugs to <>.
       Home page:


       Copyright © 2001-2019 Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without modification, are permitted in  any
       medium without royalty provided the copyright notice and this notice are preserved.


       The   full   documentation  for  gnutls  is  maintained  as  a  Texinfo  manual.   If  the
       /usr/share/doc/gnutls/ directory does not contain the HTML form visit