Diffstat (limited to 'lib/x509/ocsp.c')
-rw-r--r--lib/x509/ocsp.c35
1 files changed, 29 insertions, 6 deletions
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index 732a99e04c..aa7ba49240 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
@@ -32,6 +32,7 @@
#include "verify-high.h"
#include <gnutls/ocsp.h>
+#include <auth/cert.h>
typedef struct gnutls_ocsp_req_int
{
@@ -1331,11 +1332,11 @@ gnutls_ocsp_resp_get_single (gnutls_ocsp_resp_t resp,
gnutls_datum_t *issuer_name_hash,
gnutls_datum_t *issuer_key_hash,
gnutls_datum_t *serial_number,
- int *cert_status,
+ unsigned int *cert_status,
time_t *this_update,
time_t *next_update,
time_t *revocation_time,
- int *revocation_reason)
+ unsigned int *revocation_reason)
{
gnutls_datum_t sa;
char name[ASN1_MAX_NAME_SIZE];
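Review bot: Changing `cert_status` and `revocation_reason` from `int *` to `unsigned int *` in this public function breaks source compatibility for existing callers that pass the address of an `int`; they now get a pointer-signedness diagnostic, which is fatal under -Werror. The later hunks for gnutls_ocsp_resp_verify_direct() and gnutls_ocsp_resp_verify() are not affected in the same way, since `unsigned` to `unsigned int` is only a spelling change and `flags` is passed by value. The matching prototypes in the public header are not visible here because the diffstat is limited to this file, so confirm they change in the same commit and that the type change is noted for API users. The function body continues outside this hunk, so whether any code path stores a negative value through these pointers cannot be checked from here.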
@@ -1937,8 +1938,8 @@ find_signercert (gnutls_ocsp_resp_t resp)
int
gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
gnutls_x509_crt_t signercert,
- unsigned *verify,
- int flags)
+ unsigned int *verify,
+ unsigned int flags)
{
gnutls_datum_t sig = { NULL };
gnutls_datum_t data = { NULL };
@@ -2039,8 +2040,8 @@ gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
int
gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp,
gnutls_x509_trust_list_t trustlist,
- unsigned *verify,
- int flags)
+ unsigned int *verify,
+ unsigned int flags)
{
gnutls_x509_crt_t signercert = NULL;
int rc;
@@ -2158,3 +2159,25 @@ gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp,
return rc;
}
+
+/**
+ * gnutls_ocsp_resp_verify_cred:
+ * @resp: should contain a #gnutls_ocsp_resp_t structure
+ * @trustlist: the certificate credentials structure
+ * @verify: output variable with verification status, an #gnutls_ocsp_cert_status_t
+ * @flags: verification flags, 0 for now.
+ *
+ * This function is identical to gnutls_ocsp_resp_verify() but would
+ * use the trusted anchors from the certificate credentials structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_ocsp_resp_verify_cred (gnutls_ocsp_resp_t resp,
+ gnutls_certificate_credentials_t cred,
+ unsigned int*verify,
+ unsigned int flags)
+{
+ return gnutls_ocsp_resp_verify( resp, cred->tlist, verify, flags);
+}
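Review bot: `cred` is dereferenced as `cred->tlist` with no NULL check, so a caller that passes an unset credentials pointer crashes in the OCSP verification path instead of getting an error; add `if (cred == NULL) return GNUTLS_E_INVALID_REQUEST;` before the call. The doc comment tags the second parameter as `@trustlist:` while the signature names it `cred`, so the tag should read `@cred: the certificate credentials structure`. `@verify` is described as a #gnutls_ocsp_cert_status_t, which looks like the certificate-status enum rather than a verification-result type; confirm against the header. The Returns text should also state that a zero return only means the check ran and that callers must inspect `*verify` before trusting the response, which is presumably the contract of gnutls_ocsp_resp_verify(), whose body lies outside this hunk.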