combined gnutls_pkcs11_obj_attr_t with gnutls_pkcs11_obj_flags

That was done in an API-backwards compatible way. That
introduces gnutls_pkcs11_obj_list_import_url3() and
gnutls_pkcs11_obj_list_import_url4().

1 files changed, 5 insertions, 3 deletions

diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c
index dda1b131a5..09eefd4000 100644
--- a/lib/x509/verify-high2.c
+++ b/lib/x509/verify-high2.c
@@ -191,7 +191,7 @@ int add_trust_list_pkcs11_object_url(gnutls_x509_trust_list_t list, const char *
 	ret =
 	    gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size,
 					       url,
-					       GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL|GNUTLS_PKCS11_OBJ_ATTR_MARKED_TRUSTED,
+					       GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED,
 					       0);
 	if (ret < 0)
 		return gnutls_assert_val(ret);
@@ -239,7 +239,7 @@ int remove_pkcs11_object_url(gnutls_x509_trust_list_t list, const char *url)
 	ret =
 	    gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size,
 					       url,
-					       GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL|GNUTLS_PKCS11_OBJ_ATTR_MARKED_TRUSTED,
+					       GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED,
 					       0);
 	if (ret < 0)
 		return gnutls_assert_val(ret);
@@ -330,7 +330,9 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
 
 				/* enumerate the certificates */
 				ret = gnutls_pkcs11_obj_list_import_url(NULL, &pcrt_list_size,
-					ca_file, GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, 0);
+					ca_file, 
+					(GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_CA|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED),
+					0);
 				if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
 					return gnutls_assert_val(ret);