gnutls_certificate_set_x509_crl - Linux


gnutls_certificate_set_x509_crl is a function used to set the X.509 Certificate Revocation List (CRL) for a TLS/SSL connection. This allows a server to inform a client about revoked certificates.


gnutls_certificate_set_x509_crl(gnutls_certificate_credentials_t x509_cred, const char *filename)


  • filename: Path to the file containing the CRL in PEM format.


Simple Usage

#include <gnutls/gnutls.h>

gnutls_certificate_credentials_t x509_cred;
gnutls_certificate_set_x509_crl(x509_cred, "/path/to/crl.pem");

Setting CRL from String

#include <gnutls/gnutls.h>

gnutls_certificate_credentials_t x509_cred;
const char *crl_pem = "...";
gnutls_certificate_set_x509_crl_memory(x509_cred, crl_pem, strlen(crl_pem));

Common Issues

  • Invalid CRL Format: Ensure the CRL file is in PEM format.
  • Malformed CRL: The CRL should adhere to the X.509 CRL specification.
  • CRL Not Signed by Trusted CA: The CRL must be signed by a trusted Certificate Authority.


gnutls_certificate_set_x509_crl can be integrated with other GnuTLS functions to establish TLS/SSL connections that support CRL checking. For example:

#include <gnutls/gnutls.h>

int main() {
  gnutls_certificate_credentials_t x509_cred;
  gnutls_certificate_set_x509_crl(x509_cred, "crl.pem");

  gnutls_init(NULL, NULL);
  gnutls_session_t session = gnutls_create_session();
  ... // Configure TLS/SSL parameters

  gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);

  ... // Establish and handle TLS/SSL connection

Related Commands

  • gnutls_certificate_set_x509_trust_file: Set trusted CA Certificates from a file.
  • gnutls_certificate_set_x509_crl_memory: Set CRL from a memory buffer.
  • gnutls_certificate_set_x509_ocsp_status_request: Request OCSP status information for a certificate.