This flag allows marking a certificate in the token as a CA (category==CA)
#define GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED (1<<8) /* The object must be marked as distrusted */
#define GNUTLS_PKCS11_OBJ_FLAG_COMPARE (1<<9) /* The object must be fully compared */
#define GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE (1<<10) /* The object must be present in a marked as trusted module */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_CA (1<<11) /* object marked as CA */
/**
* gnutls_pkcs11_url_type_t:
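Review bot: The comment on `GNUTLS_PKCS11_OBJ_FLAG_MARK_CA` does not say when the flag takes effect. The neighbouring flags in this hunk describe conditions on a retrieved object ("The object must be ..."), whereas this one is acted on when a certificate is written to the token. I would word it as `/* When writing a certificate, mark it as a CA (CKA_CERTIFICATE_CATEGORY = authority) */`. If the documentation of the function that consumes the flag is not updated elsewhere in this commit, it should list the new flag too.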
ck_certificate_type_t type = CKC_X_509;
ck_object_handle_t obj;
int a_val;
+ unsigned long category;
struct pkcs11_session_info sinfo;
PKCS11_CHECK_INIT;
a_val++;
}
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_CA) {
+ category = 2;
+ a[a_val].type = CKA_CERTIFICATE_CATEGORY;
+ a[a_val].value = (void *) &category;
+ a[a_val].value_len = sizeof(category);
+ a_val++;
+ }
+
if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED) {
a[a_val].type = CKA_TRUSTED;
a[a_val].value = (void *) &tval;
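Review bot: `category = 2;` in the new `GNUTLS_PKCS11_OBJ_FLAG_MARK_CA` branch is a bare literal. In PKCS#11 the value 2 for CKA_CERTIFICATE_CATEGORY means "authority", so use a named constant if the bundled pkcs11 header provides one, or annotate it: `category = 2; /* PKCS#11 certificate category: authority */`. The branch also appends one more entry to `a[]`, whose declaration is outside this hunk, so its size should be checked against the case where every optional attribute is set. The category is written purely on the caller's flag, and nothing in the visible lines checks that the certificate is actually a CA (basicConstraints). That is worth stating in the function's documentation, since consumers of the token may rely on this attribute together with CKA_TRUSTED when selecting trust anchors. The enclosing function begins and ends outside the hunk.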