Added convenience functions to load a trust list from a file or a memory buffer.

New functions:
gnutls_certificate_set_x509_system_trust, gnutls_pkcs11_obj_list_import_url2,
gnutls_x509_trust_list_add_system_trust, gnutls_x509_trust_list_add_trust_file,
gnutls_x509_trust_list_add_trust_mem.

1 files changed, 9 insertions, 4 deletions

diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index cb79a7d4c5..1ee95bf1df 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -236,6 +236,10 @@ provided.
 @showfuncdesc{gnutls_x509_trust_list_verify_crt}
 @showfuncdesc{gnutls_x509_trust_list_verify_named_crt}
 
+@showfuncdesc{gnutls_x509_trust_list_add_trust_file}
+@showfuncdesc{gnutls_x509_trust_list_add_trust_mem}
+@showfuncdesc{gnutls_x509_trust_list_add_system_trust}
+
 The verification function will verify a given certificate chain against a list of certificate
 authorities and certificate revocation lists, and output
 a bit-wise OR of elements of the @code{gnutls_@-certificate_@-status_t} 
@@ -253,10 +257,11 @@ This purpose is served by the functions @funcref{gnutls_x509_trust_list_add_name
 @cindex verifying certificate paths
 @tindex gnutls_certificate_verify_flags
 
-When operating in the context of a TLS session, if the trusted certificate
-authority list has been set via the
-@funcref{gnutls_certificate_set_x509_trust_file} and @funcref{gnutls_certificate_set_x509_crl_file},
-it is not required to setup a trusted list as above.
+When operating in the context of a TLS session, the trusted certificate
+authority list may also be set using:
+@showfuncC{gnutls_certificate_set_x509_trust_file,gnutls_certificate_set_x509_crl_file,gnutls_certificate_set_x509_system_trust}
+
+Then it is not required to setup a trusted list as above.
 The function @funcref{gnutls_certificate_verify_peers2} 
 may then be used to verify the peer's certificate chain.