[gnutls-help] GnuTLS equivalent of OpenSSL's OSSL_STORE

Graham Leggett minfrin at sharp.fm
Sun Dec 24 12:31:26 CET 2023


Hi all,

I am currently patching OpenLDAP to support OpenSSL's OSSL_STORE, which can be summarised as “enumerate a store represented by a URL”, and I need to emulate the same behaviour with GnuTLS.

I’ve found gnutls_url_is_supported(), which will tell me if GnuTLS understands a URL. Is there a function that can enumerate a URL?

The closest two I have found are gnutls_pkcs11_obj_list_import_url4() and gnutls_tpm_get_registered(), but these force the calling code to know about the implementations of pkcs11 and TPM.

The gnutls_privkey_import_url() function will import a private key, but that assumes outside knowledge that the URL points at a key, and not, say, a certificate. In the OpenSSL case a URL is opened, and whatever is found there is read and enumerated, and OpenSSL tells you what it found. Is the same possible in GnuTLS?

Regards,
Graham