Diffstat (limited to 'src')
-rw-r--r-- | src/cli-gaa.c | 117 | ||||
-rw-r--r-- | src/cli-gaa.h | 54 | ||||
-rw-r--r-- | src/cli.c | 10 | ||||
-rw-r--r-- | src/cli.gaa | 5 | ||||
-rw-r--r-- | src/serv-gaa.c | 107 | ||||
-rw-r--r-- | src/serv-gaa.h | 46 | ||||
-rw-r--r-- | src/serv.c | 17 | ||||
-rw-r--r-- | src/serv.gaa | 5 |
8 files changed, 206 insertions, 155 deletions
diff --git a/src/cli-gaa.c b/src/cli-gaa.c index 866e5ac361..5846f2ff9b 100644 --- a/src/cli-gaa.c +++ b/src/cli-gaa.c @@ -1,7 +1,7 @@ /* File generated by GAA 1.6.0 */ #define GAA_NO_WIN32 -#line 85 "cli.gaa" +#line 88 "cli.gaa" /* C declarations */ @@ -112,6 +112,7 @@ void gaa_help(void) { printf("gnutls-cli help\nUsage: gnutls-cli [options] hostname""\n"); __gaa_helpsingle('r', "resume", "", "Connect, establish a session. Connect again and resume this session."); + __gaa_helpsingle(0, "x509fmtder", "", "Use DER format for certificates"); __gaa_helpsingle('f', "fingerprint", "", "Send the openpgp fingerprint, instead of the key."); __gaa_helpsingle('p', "port", """integer"" ", "The port to connect to."); __gaa_helpsingle(0, "recordsize", """integer"" ", "The maximum record size to advertize."); 
@@ -146,58 +147,60 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 72 "cli.gaa" +#line 75 "cli.gaa" char **rest_args; -#line 71 "cli.gaa" +#line 74 "cli.gaa" int nrest_args; -#line 64 "cli.gaa" +#line 67 "cli.gaa" char *srp_passwd; -#line 61 "cli.gaa" +#line 64 "cli.gaa" char *srp_username; -#line 58 "cli.gaa" +#line 61 "cli.gaa" char *x509_certfile; -#line 55 "cli.gaa" +#line 58 "cli.gaa" char *x509_keyfile; -#line 52 "cli.gaa" +#line 55 "cli.gaa" char *pgp_certfile; -#line 49 "cli.gaa" +#line 52 "cli.gaa" char *pgp_trustdb; -#line 46 "cli.gaa" +#line 49 "cli.gaa" char *pgp_keyring; -#line 43 "cli.gaa" +#line 46 "cli.gaa" char *pgp_keyfile; -#line 40 "cli.gaa" +#line 43 "cli.gaa" char *x509_cafile; -#line 37 "cli.gaa" +#line 40 "cli.gaa" char **ctype; -#line 36 "cli.gaa" +#line 39 "cli.gaa" int nctype; -#line 33 "cli.gaa" +#line 36 "cli.gaa" char **kx; -#line 32 "cli.gaa" +#line 35 "cli.gaa" int nkx; -#line 29 "cli.gaa" +#line 32 "cli.gaa" char **macs; -#line 28 "cli.gaa" +#line 31 "cli.gaa" int nmacs; -#line 25 "cli.gaa" +#line 28 "cli.gaa" char **comp; -#line 24 "cli.gaa" +#line 27 "cli.gaa" int ncomp; -#line 21 "cli.gaa" +#line 24 "cli.gaa" char **proto; -#line 20 "cli.gaa" +#line 23 "cli.gaa" int nproto; -#line 17 "cli.gaa" +#line 20 "cli.gaa" char **ciphers; -#line 16 "cli.gaa" +#line 19 "cli.gaa" int nciphers; -#line 12 "cli.gaa" +#line 15 "cli.gaa" int record_size; -#line 9 "cli.gaa" +#line 12 "cli.gaa" int port; -#line 6 "cli.gaa" +#line 9 "cli.gaa" int fingerprint; +#line 6 "cli.gaa" + int fmtder; #line 3 "cli.gaa" int resume; @@ -254,7 +257,7 @@ int gaa_error = 0; #define GAA_MULTIPLE_OPTION 3 #define GAA_REST 0 -#define GAA_NB_OPTION 21 +#define GAA_NB_OPTION 22 #define GAAOPTID_help 1 #define GAAOPTID_list 2 #define GAAOPTID_srppasswd 3 
@@ -275,7 +278,8 @@ int gaa_error = 0; #define GAAOPTID_recordsize 18 #define GAAOPTID_port 19 #define GAAOPTID_fingerprint 20 -#define GAAOPTID_resume 21 +#define GAAOPTID_x509fmtder 21 +#define GAAOPTID_resume 22 #line 168 "gaa.skel" @@ -622,6 +626,7 @@ int gaa_get_option_num(char *str, int status) GAA_CHECK1STR("h", GAAOPTID_help); GAA_CHECK1STR("l", GAAOPTID_list); GAA_CHECK1STR("f", GAAOPTID_fingerprint); + GAA_CHECK1STR("", GAAOPTID_x509fmtder); GAA_CHECK1STR("r", GAAOPTID_resume); #line 277 "gaa.skel" @@ -647,6 +652,7 @@ int gaa_get_option_num(char *str, int status) GAA_CHECKSTR("recordsize", GAAOPTID_recordsize); GAA_CHECKSTR("port", GAAOPTID_port); GAA_CHECKSTR("fingerprint", GAAOPTID_fingerprint); + GAA_CHECKSTR("x509fmtder", GAAOPTID_x509fmtder); GAA_CHECKSTR("resume", GAAOPTID_resume); #line 281 "gaa.skel" @@ -699,14 +705,14 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) { case GAAOPTID_help: OK = 0; -#line 69 "cli.gaa" +#line 72 "cli.gaa" { gaa_help(); exit(0); ;}; return GAA_OK; break; case GAAOPTID_list: OK = 0; -#line 68 "cli.gaa" +#line 71 "cli.gaa" { print_list(); exit(0); ;}; return GAA_OK; @@ -716,7 +722,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_srppasswd.arg1, gaa_getstr, GAATMP_srppasswd.size1); gaa_index++; -#line 65 "cli.gaa" +#line 68 "cli.gaa" { gaaval->srp_passwd = GAATMP_srppasswd.arg1 ;}; return GAA_OK; @@ -726,7 +732,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_srpusername.arg1, gaa_getstr, GAATMP_srpusername.size1); gaa_index++; -#line 62 "cli.gaa" +#line 65 "cli.gaa" { gaaval->srp_username = GAATMP_srpusername.arg1 ;}; return GAA_OK; 
@@ -736,7 +742,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_x509certfile.arg1, gaa_getstr, GAATMP_x509certfile.size1); gaa_index++; -#line 59 "cli.gaa" +#line 62 "cli.gaa" { gaaval->x509_certfile = GAATMP_x509certfile.arg1 ;}; return GAA_OK; @@ -746,7 +752,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_x509keyfile.arg1, gaa_getstr, GAATMP_x509keyfile.size1); gaa_index++; -#line 56 "cli.gaa" +#line 59 "cli.gaa" { gaaval->x509_keyfile = GAATMP_x509keyfile.arg1 ;}; return GAA_OK; @@ -756,7 +762,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgpcertfile.arg1, gaa_getstr, GAATMP_pgpcertfile.size1); gaa_index++; -#line 53 "cli.gaa" +#line 56 "cli.gaa" { gaaval->pgp_certfile = GAATMP_pgpcertfile.arg1 ;}; return GAA_OK; @@ -766,7 +772,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgptrustdb.arg1, gaa_getstr, GAATMP_pgptrustdb.size1); gaa_index++; -#line 50 "cli.gaa" +#line 53 "cli.gaa" { gaaval->pgp_keyring = GAATMP_pgptrustdb.arg1 ;}; return GAA_OK; @@ -776,7 +782,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgpkeyring.arg1, gaa_getstr, GAATMP_pgpkeyring.size1); gaa_index++; -#line 47 "cli.gaa" +#line 50 "cli.gaa" { gaaval->pgp_keyring = GAATMP_pgpkeyring.arg1 ;}; return GAA_OK; @@ -786,7 +792,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgpkeyfile.arg1, gaa_getstr, GAATMP_pgpkeyfile.size1); gaa_index++; -#line 44 "cli.gaa" +#line 47 "cli.gaa" { gaaval->pgp_keyfile = GAATMP_pgpkeyfile.arg1 ;}; return GAA_OK; 
@@ -796,7 +802,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_x509cafile.arg1, gaa_getstr, GAATMP_x509cafile.size1); gaa_index++; -#line 41 "cli.gaa" +#line 44 "cli.gaa" { gaaval->x509_cafile = GAATMP_x509cafile.arg1 ;}; return GAA_OK; @@ -804,7 +810,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_ctypes: OK = 0; GAA_LIST_FILL(GAATMP_ctypes.arg1, gaa_getstr, char*, GAATMP_ctypes.size1); -#line 38 "cli.gaa" +#line 41 "cli.gaa" { gaaval->ctype = GAATMP_ctypes.arg1; gaaval->nctype = GAATMP_ctypes.size1 ;}; return GAA_OK; @@ -812,7 +818,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_kx: OK = 0; GAA_LIST_FILL(GAATMP_kx.arg1, gaa_getstr, char*, GAATMP_kx.size1); -#line 34 "cli.gaa" +#line 37 "cli.gaa" { gaaval->kx = GAATMP_kx.arg1; gaaval->nkx = GAATMP_kx.size1 ;}; return GAA_OK; @@ -820,7 +826,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_macs: OK = 0; GAA_LIST_FILL(GAATMP_macs.arg1, gaa_getstr, char*, GAATMP_macs.size1); -#line 30 "cli.gaa" +#line 33 "cli.gaa" { gaaval->macs = GAATMP_macs.arg1; gaaval->nmacs = GAATMP_macs.size1 ;}; return GAA_OK; @@ -828,7 +834,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_comp: OK = 0; GAA_LIST_FILL(GAATMP_comp.arg1, gaa_getstr, char*, GAATMP_comp.size1); -#line 26 "cli.gaa" +#line 29 "cli.gaa" { gaaval->comp = GAATMP_comp.arg1; gaaval->ncomp = GAATMP_comp.size1 ;}; return GAA_OK; @@ -836,7 +842,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_protocols: OK = 0; GAA_LIST_FILL(GAATMP_protocols.arg1, gaa_getstr, char*, GAATMP_protocols.size1); -#line 22 "cli.gaa" +#line 25 "cli.gaa" { gaaval->proto = GAATMP_protocols.arg1; gaaval->nproto = GAATMP_protocols.size1 ;}; return GAA_OK; 
@@ -844,7 +850,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_ciphers: OK = 0; GAA_LIST_FILL(GAATMP_ciphers.arg1, gaa_getstr, char*, GAATMP_ciphers.size1); -#line 18 "cli.gaa" +#line 21 "cli.gaa" { gaaval->ciphers = GAATMP_ciphers.arg1; gaaval->nciphers = GAATMP_ciphers.size1 ;}; return GAA_OK; @@ -854,7 +860,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_recordsize.arg1, gaa_getint, GAATMP_recordsize.size1); gaa_index++; -#line 13 "cli.gaa" +#line 16 "cli.gaa" { gaaval->record_size = GAATMP_recordsize.arg1 ;}; return GAA_OK; @@ -864,18 +870,25 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_port.arg1, gaa_getint, GAATMP_port.size1); gaa_index++; -#line 10 "cli.gaa" +#line 13 "cli.gaa" { gaaval->port = GAATMP_port.arg1 ;}; return GAA_OK; break; case GAAOPTID_fingerprint: OK = 0; -#line 7 "cli.gaa" +#line 10 "cli.gaa" { gaaval->fingerprint = 1 ;}; return GAA_OK; break; + case GAAOPTID_x509fmtder: + OK = 0; +#line 7 "cli.gaa" +{ gaaval->fmtder = 1 ;}; + + return GAA_OK; + break; case GAAOPTID_resume: OK = 0; #line 4 "cli.gaa" @@ -885,7 +898,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) break; case GAA_REST: GAA_LIST_FILL(GAAREST_tmp.arg1, gaa_getstr, char*, GAAREST_tmp.size1); -#line 73 "cli.gaa" +#line 76 "cli.gaa" { gaaval->rest_args = GAAREST_tmp.arg1; gaaval->nrest_args = GAAREST_tmp.size1 ;}; return GAA_OK; 
@@ -913,14 +926,14 @@ int gaa(int argc, char **argv, gaainfo *gaaval) if(inited == 0) { -#line 75 "cli.gaa" +#line 78 "cli.gaa" { gaaval->resume=0; gaaval->port=443; gaaval->rest_args=NULL; gaaval->nrest_args=0; gaaval->ciphers=NULL; gaaval->kx=NULL; gaaval->comp=NULL; gaaval->macs=NULL; gaaval->ctype=NULL; gaaval->nciphers=0; gaaval->nkx=0; gaaval->ncomp=0; gaaval->nmacs=0; gaaval->nctype = 0; gaaval->record_size=0; gaaval->fingerprint=0; gaaval->pgp_trustdb=NULL; gaaval->pgp_keyring=NULL; gaaval->x509_cafile = NULL; gaaval->pgp_keyfile=NULL; gaaval->pgp_certfile=NULL; gaaval->x509_keyfile=NULL; gaaval->x509_certfile=NULL; - gaaval->srp_username=NULL; gaaval->srp_passwd=NULL; ;}; + gaaval->srp_username=NULL; gaaval->srp_passwd=NULL; gaaval->fmtder = 0; ;}; } inited = 1; diff --git a/src/cli-gaa.h b/src/cli-gaa.h index a6a723fee2..24fc9e6a4a 100644 --- a/src/cli-gaa.h +++ b/src/cli-gaa.h 
@@ -8,58 +8,60 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 72 "cli.gaa" +#line 75 "cli.gaa" char **rest_args; -#line 71 "cli.gaa" +#line 74 "cli.gaa" int nrest_args; -#line 64 "cli.gaa" +#line 67 "cli.gaa" char *srp_passwd; -#line 61 "cli.gaa" +#line 64 "cli.gaa" char *srp_username; -#line 58 "cli.gaa" +#line 61 "cli.gaa" char *x509_certfile; -#line 55 "cli.gaa" +#line 58 "cli.gaa" char *x509_keyfile; -#line 52 "cli.gaa" +#line 55 "cli.gaa" char *pgp_certfile; -#line 49 "cli.gaa" +#line 52 "cli.gaa" char *pgp_trustdb; -#line 46 "cli.gaa" +#line 49 "cli.gaa" char *pgp_keyring; -#line 43 "cli.gaa" +#line 46 "cli.gaa" char *pgp_keyfile; -#line 40 "cli.gaa" +#line 43 "cli.gaa" char *x509_cafile; -#line 37 "cli.gaa" +#line 40 "cli.gaa" char **ctype; -#line 36 "cli.gaa" +#line 39 "cli.gaa" int nctype; -#line 33 "cli.gaa" +#line 36 "cli.gaa" char **kx; -#line 32 "cli.gaa" +#line 35 "cli.gaa" int nkx; -#line 29 "cli.gaa" +#line 32 "cli.gaa" char **macs; -#line 28 "cli.gaa" +#line 31 "cli.gaa" int nmacs; -#line 25 "cli.gaa" +#line 28 "cli.gaa" char **comp; -#line 24 "cli.gaa" +#line 27 "cli.gaa" int ncomp; -#line 21 "cli.gaa" +#line 24 "cli.gaa" char **proto; -#line 20 "cli.gaa" +#line 23 "cli.gaa" int nproto; -#line 17 "cli.gaa" +#line 20 "cli.gaa" char **ciphers; -#line 16 "cli.gaa" +#line 19 "cli.gaa" int nciphers; -#line 12 "cli.gaa" +#line 15 "cli.gaa" int record_size; -#line 9 "cli.gaa" +#line 12 "cli.gaa" int port; -#line 6 "cli.gaa" +#line 9 "cli.gaa" int fingerprint; +#line 6 "cli.gaa" + int fmtder; #line 3 "cli.gaa" int resume; @@ -64,6 +64,7 @@ char *x509_keyfile; char *x509_certfile; char *x509_cafile; char *x509_crlfile = NULL; +static int x509ctype; int protocol_priority[16] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }; 
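Review bot: `static int x509ctype;` (hunk `@@ -64,6 +64,7 @@`, apparently src/cli.c, whose file header is missing from this page) has no initializer, so until gaa_parser() runs it holds 0, and which format constant that equals is not visible in this diff. Stating the default at the declaration, `static int x509ctype = GNUTLS_X509_FMT_PEM;`, keeps the PEM default independent of call order. The same declaration is added in src/serv.c (`@@ -41,6 +41,7 @@`) and would take the same change.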
@@ -177,7 +178,7 @@ int main(int argc, char **argv) if (x509_cafile != NULL) { ret = gnutls_certificate_set_x509_trust_file(xcred, x509_cafile, - x509_crlfile, GNUTLS_X509_FMT_PEM); + x509_crlfile, x509ctype); if (ret < 0) { fprintf(stderr, "Error setting the x509 trust file\n"); } @@ -186,7 +187,7 @@ int main(int argc, char **argv) if (x509_certfile != NULL) { ret = gnutls_certificate_set_x509_key_file(xcred, x509_certfile, - x509_keyfile, GNUTLS_X509_FMT_PEM); + x509_keyfile, x509ctype); if (ret < 0) { fprintf(stderr, "Error setting the x509 key files ('%s', '%s')\n", x509_certfile, x509_keyfile); @@ -482,6 +483,11 @@ void gaa_parser(int argc, char **argv) record_max_size = info.record_size; fingerprint = info.fingerprint; + if (info.fmtder == 0) + x509ctype = GNUTLS_X509_FMT_PEM; + else + x509ctype = GNUTLS_X509_FMT_DER; + #ifdef DEBUG if (info.x509_certfile != NULL) x509_certfile = info.x509_certfile; diff --git a/src/cli.gaa b/src/cli.gaa index 590ab6cde3..b91324dfca 100644 --- a/src/cli.gaa +++ b/src/cli.gaa @@ -3,6 +3,9 @@ helpnode "gnutls-cli help\nUsage: gnutls-cli [options] hostname" #int resume; option (r, resume) { $resume = 1 } "Connect, establish a session. Connect again and resume this session." +#int fmtder; +option (x509fmtder) { $fmtder = 1 } "Use DER format for certificates" + #int fingerprint; option (f, fingerprint) { $fingerprint = 1 } "Send the openpgp fingerprint, instead of the key." @@ -78,7 +81,7 @@ init { $resume=0; $port=443; $rest_args=NULL; $nrest_args=0; $ciphers=NULL; $fingerprint=0; $pgp_trustdb=NULL; $pgp_keyring=NULL; $x509_cafile = NULL; $pgp_keyfile=NULL; $pgp_certfile=NULL; $x509_keyfile=NULL; $x509_certfile=NULL; - $srp_username=NULL; $srp_passwd=NULL; } + $srp_username=NULL; $srp_passwd=NULL; $fmtder = 0; } ## diff --git a/src/serv-gaa.c b/src/serv-gaa.c index bcad4c839f..6b60c4ab89 100644 --- a/src/serv-gaa.c +++ b/src/serv-gaa.c 
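Review bot: In the `x509_cafile` branch of main() (hunk `@@ -177,7 +178,7 @@`), a failed `gnutls_certificate_set_x509_trust_file()` call only prints a message and execution carries on, so the client can proceed with no CA certificates loaded. The new option makes a PEM/DER mismatch an easy way to reach that path, and the server side of this same commit already treats the failure as fatal. I would add `exit(1);` after the `fprintf` and name the file in the message, e.g. `fprintf(stderr, "Error setting the x509 trust file '%s'\n", x509_cafile);`. main() continues outside the hunk, so how a later verification result is handled cannot be checked from here.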
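Review bot: The help string `"Use DER format for certificates"` in the cli.gaa hunk `@@ -3,6 +3,9 @@` understates what the flag does: the C hunks in this commit pass the same `x509ctype` for the CA file, the CRL file, the certificate file and the private key file. A user holding a DER certificate with a PEM key (or the reverse) gets a load error with no hint of the cause. Suggested wording: `"Use DER format for X.509 certificates, private keys and CRLs (default is PEM)"`, with the same text in src/serv.gaa and the generated parsers regenerated from it.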
@@ -1,7 +1,7 @@ /* File generated by GAA 1.6.0 */ #define GAA_NO_WIN32 -#line 80 "serv.gaa" +#line 83 "serv.gaa" #include <common.h> #include <stdio.h> @@ -112,6 +112,7 @@ void gaa_help(void) __gaa_helpsingle('g', "generate", "", "Generate Diffie Hellman Parameters."); __gaa_helpsingle('p', "port", """integer"" ", "The port to connect to."); __gaa_helpsingle(0, "http", "", "Act as an HTTP Server."); + __gaa_helpsingle(0, "x509fmtder", "", "Use DER format for certificates"); __gaa_helpsingle(0, "x509cafile", """FILE"" ", "Certificate file to use."); __gaa_helpsingle(0, "pgpkeyring", """FILE"" ", "PGP Key ring file to use."); __gaa_helpsingle(0, "pgptrustdb", """FILE"" ", "PGP trustdb file to use."); 
@@ -144,50 +145,52 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 64 "serv.gaa" +#line 67 "serv.gaa" char **ctype; -#line 63 "serv.gaa" +#line 66 "serv.gaa" int nctype; -#line 60 "serv.gaa" +#line 63 "serv.gaa" char **kx; -#line 59 "serv.gaa" +#line 62 "serv.gaa" int nkx; -#line 56 "serv.gaa" +#line 59 "serv.gaa" char **macs; -#line 55 "serv.gaa" +#line 58 "serv.gaa" int nmacs; -#line 52 "serv.gaa" +#line 55 "serv.gaa" char **comp; -#line 51 "serv.gaa" +#line 54 "serv.gaa" int ncomp; -#line 48 "serv.gaa" +#line 51 "serv.gaa" char **proto; -#line 47 "serv.gaa" +#line 50 "serv.gaa" int nproto; -#line 44 "serv.gaa" +#line 47 "serv.gaa" char **ciphers; -#line 43 "serv.gaa" +#line 46 "serv.gaa" int nciphers; -#line 39 "serv.gaa" +#line 42 "serv.gaa" char *srp_passwd_conf; -#line 36 "serv.gaa" +#line 39 "serv.gaa" char *srp_passwd; -#line 33 "serv.gaa" +#line 36 "serv.gaa" char *pgp_keyserver; -#line 30 "serv.gaa" +#line 33 "serv.gaa" char *x509_certfile; -#line 27 "serv.gaa" +#line 30 "serv.gaa" char *x509_keyfile; -#line 24 "serv.gaa" +#line 27 "serv.gaa" char *pgp_certfile; -#line 21 "serv.gaa" +#line 24 "serv.gaa" char *pgp_keyfile; -#line 18 "serv.gaa" +#line 21 "serv.gaa" char *pgp_trustdb; -#line 15 "serv.gaa" +#line 18 "serv.gaa" char *pgp_keyring; -#line 12 "serv.gaa" +#line 15 "serv.gaa" char *x509_cafile; +#line 12 "serv.gaa" + int fmtder; #line 9 "serv.gaa" int http; #line 6 "serv.gaa" @@ -248,7 +251,7 @@ int gaa_error = 0; #define GAA_MULTIPLE_OPTION 3 #define GAA_REST 0 -#define GAA_NB_OPTION 21 +#define GAA_NB_OPTION 22 #define GAAOPTID_help 1 #define GAAOPTID_list 2 #define GAAOPTID_ctypes 3 @@ -267,9 +270,10 @@ int gaa_error = 0; #define GAAOPTID_pgptrustdb 16 #define GAAOPTID_pgpkeyring 17 #define GAAOPTID_x509cafile 18 -#define GAAOPTID_http 19 -#define GAAOPTID_port 20 -#define GAAOPTID_generate 21 +#define GAAOPTID_x509fmtder 19 +#define GAAOPTID_http 20 +#define GAAOPTID_port 21 +#define GAAOPTID_generate 22 #line 168 "gaa.skel" 
@@ -608,6 +612,7 @@ int gaa_get_option_num(char *str, int status) #line 375 "gaa.skel" GAA_CHECK1STR("h", GAAOPTID_help); GAA_CHECK1STR("l", GAAOPTID_list); + GAA_CHECK1STR("", GAAOPTID_x509fmtder); GAA_CHECK1STR("", GAAOPTID_http); GAA_CHECK1STR("g", GAAOPTID_generate); @@ -632,6 +637,7 @@ int gaa_get_option_num(char *str, int status) GAA_CHECKSTR("pgptrustdb", GAAOPTID_pgptrustdb); GAA_CHECKSTR("pgpkeyring", GAAOPTID_pgpkeyring); GAA_CHECKSTR("x509cafile", GAAOPTID_x509cafile); + GAA_CHECKSTR("x509fmtder", GAAOPTID_x509fmtder); GAA_CHECKSTR("http", GAAOPTID_http); GAA_CHECKSTR("port", GAAOPTID_port); GAA_CHECKSTR("generate", GAAOPTID_generate); @@ -686,14 +692,14 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) { case GAAOPTID_help: OK = 0; -#line 69 "serv.gaa" +#line 72 "serv.gaa" { gaa_help(); exit(0); ;}; return GAA_OK; break; case GAAOPTID_list: OK = 0; -#line 68 "serv.gaa" +#line 71 "serv.gaa" { print_list(); exit(0); ;}; return GAA_OK; @@ -701,7 +707,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_ctypes: OK = 0; GAA_LIST_FILL(GAATMP_ctypes.arg1, gaa_getstr, char*, GAATMP_ctypes.size1); -#line 65 "serv.gaa" +#line 68 "serv.gaa" { gaaval->ctype = GAATMP_ctypes.arg1; gaaval->nctype = GAATMP_ctypes.size1 ;}; return GAA_OK; @@ -709,7 +715,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_kx: OK = 0; GAA_LIST_FILL(GAATMP_kx.arg1, gaa_getstr, char*, GAATMP_kx.size1); -#line 61 "serv.gaa" +#line 64 "serv.gaa" { gaaval->kx = GAATMP_kx.arg1; gaaval->nkx = GAATMP_kx.size1 ;}; return GAA_OK; @@ -717,7 +723,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_macs: OK = 0; GAA_LIST_FILL(GAATMP_macs.arg1, gaa_getstr, char*, GAATMP_macs.size1); -#line 57 "serv.gaa" +#line 60 "serv.gaa" { gaaval->macs = GAATMP_macs.arg1; gaaval->nmacs = GAATMP_macs.size1 ;}; return GAA_OK; 
@@ -725,7 +731,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_comp: OK = 0; GAA_LIST_FILL(GAATMP_comp.arg1, gaa_getstr, char*, GAATMP_comp.size1); -#line 53 "serv.gaa" +#line 56 "serv.gaa" { gaaval->comp = GAATMP_comp.arg1; gaaval->ncomp = GAATMP_comp.size1 ;}; return GAA_OK; @@ -733,7 +739,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_protocols: OK = 0; GAA_LIST_FILL(GAATMP_protocols.arg1, gaa_getstr, char*, GAATMP_protocols.size1); -#line 49 "serv.gaa" +#line 52 "serv.gaa" { gaaval->proto = GAATMP_protocols.arg1; gaaval->nproto = GAATMP_protocols.size1 ;}; return GAA_OK; @@ -741,7 +747,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_ciphers: OK = 0; GAA_LIST_FILL(GAATMP_ciphers.arg1, gaa_getstr, char*, GAATMP_ciphers.size1); -#line 45 "serv.gaa" +#line 48 "serv.gaa" { gaaval->ciphers = GAATMP_ciphers.arg1; gaaval->nciphers = GAATMP_ciphers.size1 ;}; return GAA_OK; @@ -751,7 +757,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_srppasswdconf.arg1, gaa_getstr, GAATMP_srppasswdconf.size1); gaa_index++; -#line 40 "serv.gaa" +#line 43 "serv.gaa" { gaaval->srp_passwd_conf = GAATMP_srppasswdconf.arg1 ;}; return GAA_OK; @@ -761,7 +767,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_srppasswd.arg1, gaa_getstr, GAATMP_srppasswd.size1); gaa_index++; -#line 37 "serv.gaa" +#line 40 "serv.gaa" { gaaval->srp_passwd = GAATMP_srppasswd.arg1 ;}; return GAA_OK; @@ -771,7 +777,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgpkeyserver.arg1, gaa_getstr, GAATMP_pgpkeyserver.size1); gaa_index++; -#line 34 "serv.gaa" +#line 37 "serv.gaa" { gaaval->pgp_keyserver = GAATMP_pgpkeyserver.arg1 ;}; return GAA_OK; 
@@ -781,7 +787,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_x509certfile.arg1, gaa_getstr, GAATMP_x509certfile.size1); gaa_index++; -#line 31 "serv.gaa" +#line 34 "serv.gaa" { gaaval->x509_certfile = GAATMP_x509certfile.arg1 ;}; return GAA_OK; @@ -791,7 +797,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_x509keyfile.arg1, gaa_getstr, GAATMP_x509keyfile.size1); gaa_index++; -#line 28 "serv.gaa" +#line 31 "serv.gaa" { gaaval->x509_keyfile = GAATMP_x509keyfile.arg1 ;}; return GAA_OK; @@ -801,7 +807,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgpcertfile.arg1, gaa_getstr, GAATMP_pgpcertfile.size1); gaa_index++; -#line 25 "serv.gaa" +#line 28 "serv.gaa" { gaaval->pgp_certfile = GAATMP_pgpcertfile.arg1 ;}; return GAA_OK; @@ -811,7 +817,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgpkeyfile.arg1, gaa_getstr, GAATMP_pgpkeyfile.size1); gaa_index++; -#line 22 "serv.gaa" +#line 25 "serv.gaa" { gaaval->pgp_keyfile = GAATMP_pgpkeyfile.arg1 ;}; return GAA_OK; @@ -821,7 +827,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgptrustdb.arg1, gaa_getstr, GAATMP_pgptrustdb.size1); gaa_index++; -#line 19 "serv.gaa" +#line 22 "serv.gaa" { gaaval->pgp_keyring = GAATMP_pgptrustdb.arg1 ;}; return GAA_OK; @@ -831,7 +837,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgpkeyring.arg1, gaa_getstr, GAATMP_pgpkeyring.size1); gaa_index++; -#line 16 "serv.gaa" +#line 19 "serv.gaa" { gaaval->pgp_keyring = GAATMP_pgpkeyring.arg1 ;}; return GAA_OK; 
@@ -841,11 +847,18 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_x509cafile.arg1, gaa_getstr, GAATMP_x509cafile.size1); gaa_index++; -#line 13 "serv.gaa" +#line 16 "serv.gaa" { gaaval->x509_cafile = GAATMP_x509cafile.arg1 ;}; return GAA_OK; break; + case GAAOPTID_x509fmtder: + OK = 0; +#line 13 "serv.gaa" +{ gaaval->fmtder = 1 ;}; + + return GAA_OK; + break; case GAAOPTID_http: OK = 0; #line 10 "serv.gaa" @@ -893,14 +906,14 @@ int gaa(int argc, char **argv, gaainfo *gaaval) if(inited == 0) { -#line 71 "serv.gaa" +#line 74 "serv.gaa" { gaaval->generate=0; gaaval->port=5556; gaaval->http=0; gaaval->ciphers=NULL; gaaval->kx=NULL; gaaval->comp=NULL; gaaval->macs=NULL; gaaval->ctype=NULL; gaaval->nciphers=0; gaaval->nkx=0; gaaval->ncomp=0; gaaval->nmacs=0; gaaval->nctype = 0; gaaval->x509_cafile = NULL; gaaval->pgp_keyfile=NULL; gaaval->pgp_certfile=NULL; gaaval->x509_keyfile=NULL; gaaval->x509_certfile=NULL; gaaval->pgp_keyserver=NULL; gaaval->srp_passwd=NULL; gaaval->srp_passwd_conf=NULL; - gaaval->pgp_trustdb=NULL; gaaval->pgp_keyring=NULL; ;}; + gaaval->pgp_trustdb=NULL; gaaval->pgp_keyring=NULL; gaaval->fmtder = 0; ;}; } inited = 1; diff --git a/src/serv-gaa.h b/src/serv-gaa.h index 11237e39fa..99adbf6bbc 100644 --- a/src/serv-gaa.h +++ b/src/serv-gaa.h 
@@ -8,50 +8,52 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 64 "serv.gaa" +#line 67 "serv.gaa" char **ctype; -#line 63 "serv.gaa" +#line 66 "serv.gaa" int nctype; -#line 60 "serv.gaa" +#line 63 "serv.gaa" char **kx; -#line 59 "serv.gaa" +#line 62 "serv.gaa" int nkx; -#line 56 "serv.gaa" +#line 59 "serv.gaa" char **macs; -#line 55 "serv.gaa" +#line 58 "serv.gaa" int nmacs; -#line 52 "serv.gaa" +#line 55 "serv.gaa" char **comp; -#line 51 "serv.gaa" +#line 54 "serv.gaa" int ncomp; -#line 48 "serv.gaa" +#line 51 "serv.gaa" char **proto; -#line 47 "serv.gaa" +#line 50 "serv.gaa" int nproto; -#line 44 "serv.gaa" +#line 47 "serv.gaa" char **ciphers; -#line 43 "serv.gaa" +#line 46 "serv.gaa" int nciphers; -#line 39 "serv.gaa" +#line 42 "serv.gaa" char *srp_passwd_conf; -#line 36 "serv.gaa" +#line 39 "serv.gaa" char *srp_passwd; -#line 33 "serv.gaa" +#line 36 "serv.gaa" char *pgp_keyserver; -#line 30 "serv.gaa" +#line 33 "serv.gaa" char *x509_certfile; -#line 27 "serv.gaa" +#line 30 "serv.gaa" char *x509_keyfile; -#line 24 "serv.gaa" +#line 27 "serv.gaa" char *pgp_certfile; -#line 21 "serv.gaa" +#line 24 "serv.gaa" char *pgp_keyfile; -#line 18 "serv.gaa" +#line 21 "serv.gaa" char *pgp_trustdb; -#line 15 "serv.gaa" +#line 18 "serv.gaa" char *pgp_keyring; -#line 12 "serv.gaa" +#line 15 "serv.gaa" char *x509_cafile; +#line 12 "serv.gaa" + int fmtder; #line 9 "serv.gaa" int http; #line 6 "serv.gaa" diff --git a/src/serv.c b/src/serv.c index 2270f8e21c..fd6f5109e3 100644 --- a/src/serv.c +++ b/src/serv.c @@ -41,6 +41,7 @@ static char http_buffer[16 * 1024]; static int generate = 0; static int http = 0; static int port = 0; +static int x509ctype; char *srp_passwd; char *srp_passwd_conf; 
@@ -345,12 +346,15 @@ int main(int argc, char **argv) exit(1); } - if (x509_cafile != NULL) - if (gnutls_certificate_set_x509_trust_file - (cert_cred, x509_cafile, x509_crlfile, GNUTLS_X509_FMT_PEM) < 0) { + if (x509_cafile != NULL) { + if ((ret=gnutls_certificate_set_x509_trust_file + (cert_cred, x509_cafile, x509_crlfile, x509ctype)) < 0) { fprintf(stderr, "Error reading '%s'\n", x509_cafile); exit(1); + } else { + printf("Processed %d CA certificate(s).\n", ret); } + } if (pgp_keyring != NULL) { ret = @@ -376,7 +380,7 @@ int main(int argc, char **argv) if (x509_certfile != NULL) if (gnutls_certificate_set_x509_key_file - (cert_cred, x509_certfile, x509_keyfile, GNUTLS_X509_FMT_PEM) < 0) { + (cert_cred, x509_certfile, x509_keyfile, x509ctype) < 0) { fprintf(stderr, "Error reading '%s' or '%s'\n", x509_certfile, x509_keyfile); @@ -566,6 +570,11 @@ void gaa_parser(int argc, char **argv) else http = 1; + if (info.fmtder == 0) + x509ctype = GNUTLS_X509_FMT_PEM; + else + x509ctype = GNUTLS_X509_FMT_DER; + if (info.generate == 0) generate = 0; else diff --git a/src/serv.gaa b/src/serv.gaa index 1409fd6171..eeb6f2ee6e 100644 --- a/src/serv.gaa +++ b/src/serv.gaa @@ -9,6 +9,9 @@ option (p, port) INT "integer" { $port = $1 } "The port to connect to." #int http; option (http) { $http = 1 } "Act as an HTTP Server." +#int fmtder; +option (x509fmtder) { $fmtder = 1 } "Use DER format for certificates" + #char *x509_cafile; option (x509cafile) STR "FILE" { $x509_cafile = $1 } "Certificate file to use." @@ -74,7 +77,7 @@ init { $generate=0; $port=5556; $http=0; $ciphers=NULL; $x509_cafile = NULL; $pgp_keyfile=NULL; $pgp_certfile=NULL; $x509_keyfile=NULL; $x509_certfile=NULL; $pgp_keyserver=NULL; $srp_passwd=NULL; $srp_passwd_conf=NULL; - $pgp_trustdb=NULL; $pgp_keyring=NULL; } + $pgp_trustdb=NULL; $pgp_keyring=NULL; $fmtder = 0; } ## |
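Review bot: The new `else` branch in main() (hunk `@@ -345,12 +346,15 @@`) prints `ret` as a count of CA certificates but accepts zero as success, so if the call can return 0 the server runs on with an empty CA list and only an informational line on stdout. Treating that case as an error is a small change, for example `if (ret == 0) { fprintf(stderr, "No CA certificates found in '%s'\n", x509_cafile); exit(1); }`. The existing failure message could also say which format was attempted, since a PEM/DER mismatch is now a likely cause. main() starts and ends outside the hunk.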