diff --git a/src/ssl.c b/src/ssl.c
index dc9bb37f8..bb8cdf5ae 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1963,12 +1963,31 @@ int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
 #ifdef HAVE_TRUSTED_CA
 WOLFSSL_API int wolfSSL_UseTrustedCA(WOLFSSL* ssl, byte type,
- const byte* cert, word32 certSz)
+ const byte* certId, word32 certIdSz)
 {
 if (ssl == NULL) return BAD_FUNC_ARG;
- return TLSX_UseTrustedCA(&ssl->extensions, type, cert, certSz, ssl->heap);
+ if (type == WOLFSSL_TRUSTED_CA_PRE_AGREED) {
+ if (certId != NULL || certIdSz != 0)
+ return BAD_FUNC_ARG;
+ }
+ else if (type == WOLFSSL_TRUSTED_CA_X509_NAME) {
+ if (certId == NULL || certIdSz == 0)
+ return BAD_FUNC_ARG;
+ }
+ #ifndef NO_SHA
+ else if (type == WOLFSSL_TRUSTED_CA_KEY_SHA1 ||
+ type == WOLFSSL_TRUSTED_CA_CERT_SHA1) {
+ if (certId == NULL || certIdSz != SHA_DIGEST_SIZE)
+ return BAD_FUNC_ARG;
+ }
+ #endif
+ else
+ return BAD_FUNC_ARG;
+
+ return TLSX_UseTrustedCA(&ssl->extensions,
+ type, certId, certIdSz, ssl->heap);
 }
 #endif /* HAVE_TRUSTED_CA */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 16baa6394..ec1a0bee0 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -2260,7 +2260,7 @@ enum {
 };
 WOLFSSL_API int wolfSSL_UseTrustedCA(WOLFSSL* ssl, unsigned char type,
- const unsigned char* cert, unsigned int certSz);
+ const unsigned char* certId, unsigned int certIdSz);
 #endif /* HAVE_TRUSTED_CA */
 /* Application-Layer Protocol Negotiation */
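Review bot: The WOLFSSL_TRUSTED_CA_X509_NAME branch accepts any non-zero certIdSz, yet the DistinguishedName in the trusted_ca_keys extension (RFC 6066 §6) sits behind a 16-bit length field and the whole list behind another, so a name longer than 0xFFFF bytes cannot be encoded faithfully; unless TLSX_UseTrustedCA enforces that itself (not visible in this hunk), the check should read `if (certId == NULL || certIdSz == 0 || certIdSz > 0xFFFF)`. Keeping that bound here matches the apparent intent of the new chain, which is to centralise all per-type argument validation before anything is appended to ssl->extensions. The per-type contract also deserves a comment above the function, e.g. `/* certId/certIdSz: NULL/0 for PRE_AGREED, a non-empty X.509 name for X509_NAME, exactly SHA_DIGEST_SIZE bytes for the SHA1 types; anything else is BAD_FUNC_ARG */`, since a caller currently cannot tell from the return value which rule was violated. Note that with NO_SHA defined the SHA1 identifier types fall through to the final `else` and are rejected, which is the right outcome but worth stating in that comment.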