authorNikos Mavrogiannopoulos <nmav@gnutls.org>2013-06-10 19:04:55 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2013-06-10 19:08:47 +0200
commit53fa58d3661a61607a9f973fd1ea16d22a987d19 (patch)
treed93181fa9d2e252f96a6b5718eb033fbf926025d
parent27e04f358231cbb04c36da335cd5272a9987c779 (diff)
downloadgnutls-53fa58d3661a61607a9f973fd1ea16d22a987d19.tar.gz
Added gnutls_certificate_set_trust_list().
-rw-r--r--NEWS2
-rw-r--r--lib/gnutls_x509.c37
-rw-r--r--lib/includes/gnutls/x509.h4
-rw-r--r--lib/libgnutls.map1
4 files changed, 39 insertions, 5 deletions
diff --git a/NEWS b/NEWS
index 6fc4ba841d..a515fe42ef 100644
--- a/NEWS
+++ b/NEWS
@@ -8,7 +8,7 @@ See the end for copying conditions.
subsystems.
** API and ABI modifications:
-No changes since last version.
+gnutls_certificate_set_trust_list: Added
* Version 3.2.1 (released 2013-06-01)
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index d67ad5bf23..f0568de79e 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -42,6 +42,7 @@
#include "x509/common.h"
#include "x509/x509_int.h"
#include <gnutls_str_array.h>
+#include <gnutls/x509.h>
#include "read-file.h"
#ifdef _WIN32
# include <wincrypt.h>
@@ -1270,10 +1271,11 @@ cleanup:
* called more than once, in case multiple keys/certificates exist for
* the server. For clients that wants to send more than its own end
* entity certificate (e.g., also an intermediate CA cert) then put
- * the certificate chain in @pcert_list. The @pcert_list and @key will
- * become part of the credentials structure and must not
- * be deallocated. They will be automatically deallocated when @res
- * is deinitialized.
+ * the certificate chain in @pcert_list.
+ *
+ * Note that the @pcert_list and @key will become part of the credentials
+ * structure and must not be deallocated. They will be automatically deallocated
+ * when the @res structure is deinitialized.
*
* Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code.
*
@@ -1338,6 +1340,33 @@ cleanup:
}
/**
+ * gnutls_certificate_set_trust_list:
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @tlist: is a #gnutls_x509_trust_list_t structure
+ * @flags: must be zero
+ *
+ * This function sets a trust list in the gnutls_certificate_credentials_t structure.
+ *
+ * Note that the @tlist will become part of the credentials
+ * structure and must not be deallocated. It will be automatically deallocated
+ * when the @res structure is deinitialized.
+ *
+ * Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code.
+ *
+ * Since: 3.2.2
+ **/
+void
+gnutls_certificate_set_trust_list (gnutls_certificate_credentials_t res,
+ gnutls_x509_trust_list_t tlist,
+ unsigned flags)
+{
+ gnutls_x509_trust_list_deinit(res->tlist, 1);
+
+ res->tlist = tlist;
+}
+
+
+/**
* gnutls_certificate_set_x509_key_file:
* @res: is a #gnutls_certificate_credentials_t structure.
* @certfile: is a file that containing the certificate list (path) for
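Review bot: `gnutls_certificate_set_trust_list()` calls `gnutls_x509_trust_list_deinit(res->tlist, 1)` unconditionally before `res->tlist = tlist;`, so a caller that passes the list already installed in `res` ends up with `res->tlist` pointing at freed memory, which later verification and the credentials deinit would presumably dereference; a guard such as `if (res->tlist == tlist) return;` ahead of the deinit call avoids that. Because ownership moves to `res`, handing one list to two credentials structures would free it twice on teardown, and the doc comment should say so explicitly, e.g. `@tlist must not be shared with another credentials structure or reused by the caller`. The comment also carries a `Returns: %GNUTLS_E_SUCCESS (0) ...` line although the function is `void`, and `@flags` is documented as "must be zero" but never checked. Either return `int` and reject non-zero flags with an error code (which also changes the prototype added in `lib/includes/gnutls/x509.h`), or drop the `Returns:` line.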
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 53e020bb59..3e2bf2b570 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -1110,6 +1110,10 @@ gnutls_x509_trust_list_remove_trust_mem(gnutls_x509_trust_list_t list,
int
gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
unsigned int tl_flags, unsigned int tl_vflags);
+
+void gnutls_certificate_set_trust_list (gnutls_certificate_credentials_t res,
+ gnutls_x509_trust_list_t tlist, unsigned flags);
+
#ifdef __cplusplus
}
#endif
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index e14ab6d1dc..f7a41db334 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -911,6 +911,7 @@ GNUTLS_3_1_0 {
gnutls_alpn_get_selected_protocol;
gnutls_alpn_set_protocols;
gnutls_session_set_id;
+ gnutls_certificate_set_trust_list;
} GNUTLS_3_0_0;
GNUTLS_PRIVATE {
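Review bot: `gnutls_certificate_set_trust_list` is exported under the existing `GNUTLS_3_1_0` node, while its doc comment in `lib/gnutls_x509.c` marks it `Since: 3.2.2`. With ELF symbol versioning, a binary using the function records a dependency on `GNUTLS_3_1_0` only, so against an older library that already defines that node it passes the version check and then fails at symbol lookup instead of reporting a clear version mismatch. If the project's versioning policy permits, a new node for this release would make the dependency explicit. The opening of the `GNUTLS_3_1_0` block lies outside the hunk.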