included a certificate label in the is_trusted() method

2 files changed, 3 insertions, 2 deletions

diff --git a/src/libstrongswan/credential_store.h b/src/libstrongswan/credential_store.h
index b0a500621..dcbe43f52 100755
--- a/src/libstrongswan/credential_store.h
+++ b/src/libstrongswan/credential_store.h
@@ -160,10 +160,11 @@ struct credential_store_t {
 	 * @brief Verify an X.509 certificate up to trust anchor without any status checks
 	 *
 	 * @param this		calling object
+	 * @param label		label characterizing the certificate to be verified
 	 * @param cert		certificate to be verified
 	 * @return			TRUE if trusted
 	 */
-	bool (*is_trusted) (credential_store_t *this, x509_t *cert);
+	bool (*is_trusted) (credential_store_t *this, const char *label, x509_t *cert);
 
 	/**
 	 * @brief Verify an X.509 certificate up to trust anchor including status checks
diff --git a/src/libstrongswan/crypto/ocsp.c b/src/libstrongswan/crypto/ocsp.c
index 471996c8e..0d8093e4a 100644
--- a/src/libstrongswan/crypto/ocsp.c
+++ b/src/libstrongswan/crypto/ocsp.c
@@ -770,7 +770,7 @@ static void ocsp_process_response(private_ocsp_t *this, response_t *res, credent
 		if (res->responder_cert->is_ocsp_signer(res->responder_cert))
 		{
 			DBG2("received certificate is ocsp signer");
-			if (credentials->is_trusted(credentials, res->responder_cert))
+			if (credentials->is_trusted(credentials, "OCSP signing", res->responder_cert))
 			{
 				DBG1("received ocsp signer certificate is trusted");
 				ocsp_cert = credentials->add_auth_certificate(credentials,