gnutls_certificate_set_flags - Linux


gnutls_certificate_set_flags() sets the flags in a certificate. This function can be used to set various options, such as whether the certificate is trusted or not.


gnutls_certificate_set_flags(certificate, flags);
  • certificate: Pointer to the certificate to set the flags of.
  • flags: The flags to set in the certificate.


The following flags can be set in a certificate:

  • GNUTLS_CERT_INVALID: The certificate is invalid.
  • GNUTLS_CERT_SIGNER_ERROR: The certificate was signed by an untrusted signer.
  • GNUTLS_CERT_NOT_TRUSTED: The certificate is not trusted.
  • GNUTLS_CERT_REVOKED: The certificate has been revoked.
  • GNUTLS_CERT_INSECURE_ALGORITHM: The certificate uses an insecure algorithm.
  • GNUTLS_CERT_EXPIRED: The certificate has expired.
  • GNUTLS_CERT_NOT_YET_VALID: The certificate is not yet valid.
  • GNUTLS_CERT_NO_CRL: The certificate does not have a corresponding CRL.
  • GNUTLS_CERT_NO_OCSP: The certificate does not have a corresponding OCSP responder.
  • GNUTLS_CERT_IMPORTED: The certificate has been imported from a file.


The following code sets the GNUTLS_CERT_INVALID flag in a certificate:

gnutls_certificate_set_flags(certificate, GNUTLS_CERT_INVALID);

The following code sets the GNUTLS_CERT_NOT_TRUSTED and GNUTLS_CERT_EXPIRED flags in a certificate:

gnutls_certificate_set_flags(certificate, GNUTLS_CERT_NOT_TRUSTED | GNUTLS_CERT_EXPIRED);

Common Issues

One common issue that can occur when setting the flags in a certificate is that the flags may not be set correctly. This can happen if the flags are not set in the correct order, or if the flags are set to an invalid value.


gnutls_certificate_set_flags() can be used in conjunction with other GnuTLS functions to manage certificates. For example, gnutls_certificate_get_flags() can be used to get the flags that are currently set in a certificate.

Related Commands

  • gnutls_certificate_get_flags()
  • gnutls_certificate_set_ocsp_responder()
  • gnutls_certificate_set_crl()