1 files changed, 7 insertions, 1 deletions

diff --git a/agent/trustlist.c b/agent/trustlist.c
index 4d23eb1b0..330f233b8 100644
--- a/agent/trustlist.c
+++ b/agent/trustlist.c
@@ -45,6 +45,7 @@ struct trustitem_s
                              constraints. */
     int cm:1;             /* Use chain model for validation. */
     int qual:1;           /* Root CA for qualified signatures.  */
+    int de_vs:1;          /* Root CA for de-vs compliant PKI.    */
   } flags;
   unsigned char fpr[20];  /* The binary fingerprint. */
 };
@@ -324,6 +325,8 @@ read_one_trustfile (const char *fname, int systrust,
             ti->flags.cm = 1;
           else if (n == 4 && !memcmp (p, "qual", 4) && systrust)
             ti->flags.qual = 1;
+          else if (n == 4 && !memcmp (p, "de-vs", 4) && systrust)
+            ti->flags.de_vs = 1;
           else
             log_error ("flag '%.*s' in '%s', line %d ignored\n",
                        n, p, fname, lnr);
@@ -476,7 +479,8 @@ istrusted_internal (ctrl_t ctrl, const char *fpr, int *r_disabled,
                in a locked state.  */
             if (already_locked)
               ;
-            else if (ti->flags.relax || ti->flags.cm || ti->flags.qual)
+            else if (ti->flags.relax || ti->flags.cm || ti->flags.qual
+                     || ti->flags.de_vs)
               {
                 unlock_trusttable ();
                 locked = 0;
@@ -487,6 +491,8 @@ istrusted_internal (ctrl_t ctrl, const char *fpr, int *r_disabled,
                   err = agent_write_status (ctrl,"TRUSTLISTFLAG", "cm", NULL);
                 if (!err && ti->flags.qual)
                   err = agent_write_status (ctrl,"TRUSTLISTFLAG", "qual",NULL);
+                if (!err && ti->flags.de_vs)
+                  err = agent_write_status (ctrl,"TRUSTLISTFLAG", "de-vs",NULL);
               }
 
             if (!err)