-rw-r--r--README.md1
-rw-r--r--examples/client/client.go1
-rw-r--r--tofu.go7
3 files changed, 9 insertions, 0 deletions
diff --git a/README.md b/README.md
index 2f3fc8b..6e77886 100644
--- a/README.md
+++ b/README.md
@@ -89,6 +89,7 @@ client.TrustCertificate = func(hostname string, cert *x509.Certificate, knownHos
// Prompt the user to trust the certificate
if userTrustsCertificateTemporarily() {
// Temporarily trust the certificate
+ knownHosts.AddTemporary(hostname, cert)
return nil
} else if userTrustsCertificatePermanently() {
// Add the certificate to the known hosts file
diff --git a/examples/client/client.go b/examples/client/client.go
index a8256f2..52a1253 100644
--- a/examples/client/client.go
+++ b/examples/client/client.go
@@ -34,6 +34,7 @@ func init() {
// Prompt the user to trust the certificate
if userTrustsCertificateTemporarily() {
// Temporarily trust the certificate
+ knownHosts.AddTemporary(hostname, cert)
return nil
} else if userTrustsCertificatePermanently() {
// Add the certificate to the known hosts file
diff --git a/tofu.go b/tofu.go
index 946d2b4..7da58dc 100644
--- a/tofu.go
+++ b/tofu.go
@@ -69,6 +69,13 @@ func (k *KnownHosts) Add(hostname string, cert *x509.Certificate) {
}
}
+// AddTemporary adds a certificate to the list of known hosts,
+// without writing it to a file.
+func (k *KnownHosts) AddTemporary(hostname string, cert *x509.Certificate) {
+ host := NewKnownHost(hostname, cert)
+ k.hosts = append(k.hosts, host)
+}
+
// Lookup looks for the provided certificate in the list of known hosts.
// If the hostname is in the list, but the fingerprint differs,
// Lookup returns ErrCertificateNotTrusted.
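Review bot: AddTemporary appends a new entry without checking whether `k.hosts` already holds one for the same hostname, so after a certificate change the list carries both the old and the new fingerprint for that host. The context comment below says Lookup returns ErrCertificateNotTrusted when the hostname is listed with a different fingerprint. Lookup's body is outside this hunk, so depending on how it scans the list, the temporary trust either has no effect or leaves both certificates accepted; this is worth confirming and covering with a test. The doc comment should also state the lifetime, e.g. `// The entry is kept in memory until k is discarded; it is never expired and does not replace an existing entry for hostname.` The append is also unsynchronized, which matters if Add or Lookup can run concurrently (not visible here).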