gnutls_x509_crt_import fails with INVALID REQUEST

LATZE Carolin carolin.latze at
Mon Jan 11 16:48:38 CET 2010

BTW... I am using GnuTLS 2.8.5
From: LATZE Carolin
Sent: Monday, January 11, 2010 4:48 PM
To: help-gnutls at
Subject: gnutls_x509_crt_import  fails with INVALID REQUEST

Hi everybody,

I wrote a very small client and server example using


to read the client's certificate and key out of files. That lead to a successful handshake. Now I want to use the callback to choose the right client certificate during the handshake. In order to so, I replace the function above with

gnutls_certificate_client_set_retrieve_function (xcred, cert_callback);

Furthermore, I defined a callback, that is really executed. Inside the callback, I wanted the read the same client certificate I used in the first example using the following functions out of the samples:

static gnutls_datum_t
load_file (const char *file)
  FILE *f;
  gnutls_datum_t loaded_file = { NULL, 0 };
  long filelen;
  void *ptr;

  if (!(f = fopen (file, "r"))
      || fseek (f, 0, SEEK_END) != 0
      || (filelen = ftell (f)) < 0
      || fseek (f, 0, SEEK_SET) != 0
      || !(ptr = malloc ((size_t) filelen))
      || fread (ptr, 1, (size_t) filelen, f) < (size_t) filelen)
      return loaded_file;
    } = ptr;
  loaded_file.size = (unsigned int) filelen;
  return loaded_file;

And afterwards:

static void
load_keys (void)
  int ret;
  gnutls_datum_t data;

  data = load_file (CERTFILE);
  if ( == NULL)
      fprintf (stderr, "*** Error loading cert file.\n");
      exit (1);
  gnutls_x509_crt_init (&crt);

  ret = gnutls_x509_crt_import (crt, &data, GNUTLS_X509_FMT_PEM);
  if (ret < 0)
      fprintf (stderr, "*** Error loading cert file: %s\n",
               gnutls_strerror (ret));
      exit (1);

and so on.... but gnutls_x509_crt_import fails with INVALID REQUEST.... Any ideas why? This is exactly the same certificate. certtool as well as the first example did not have any problem with that certificate so why does the import method?


More information about the Gnutls-help mailing list