gnutls_x509_crt_import fails with INVALID REQUEST

[LATZE Carolin]

Hi everybody,

I wrote a very small client and server example using 

gnutls_certificate_set_x509_key_file(xcred,CERTFILE,KEYFILE,GNUTLS_X509_FMT_PEM);

to read the client's certificate and key out of files. That lead to a 
successful handshake. Now I want to use the callback to choose the right client 
certificate during the handshake. In order to so, I replace the function above 
with

gnutls_certificate_client_set_retrieve_function (xcred, cert_callback);

Furthermore, I defined a callback, that is really executed. Inside the 
callback, I wanted the read the same client certificate I used in the first 
example using the following functions out of the samples:


static gnutls_datum_t
load_file (const char *file)
{
  FILE *f;
  gnutls_datum_t loaded_file = { NULL, 0 };
  long filelen;
  void *ptr;

  if (!(f = fopen (file, "r"))
      || fseek (f, 0, SEEK_END) != 0
      || (filelen = ftell (f)) < 0
      || fseek (f, 0, SEEK_SET) != 0
      || !(ptr = malloc ((size_t) filelen))
      || fread (ptr, 1, (size_t) filelen, f) < (size_t) filelen)
    {
      return loaded_file;
    }

  loaded_file.data = ptr;
  loaded_file.size = (unsigned int) filelen;
  return loaded_file;
}

And afterwards:

static void
load_keys (void)
{
  int ret;
  gnutls_datum_t data;

  data = load_file (CERTFILE);
  if (data.data == NULL)
    {
      fprintf (stderr, "*** Error loading cert file.\n");
      exit (1);
    }
  gnutls_x509_crt_init (&crt);

  ret = gnutls_x509_crt_import (crt, &data, GNUTLS_X509_FMT_PEM);
  if (ret < 0)
    {
      fprintf (stderr, "*** Error loading cert file: %s\n",
               gnutls_strerror (ret));
      exit (1);
    }

and so on.... but gnutls_x509_crt_import fails with INVALID REQUEST.... Any 
ideas why? This is exactly the same certificate. certtool as well as the first 
example did not have any problem with that certificate so why does the import 
method?

Regards
Carolin