Support client CA advertisement

1 files changed, 12 insertions, 1 deletions

diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 5c41f6ea..1e7efc63 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -93,13 +93,14 @@ use std::sync::Mutex;
 use {init, cvt, cvt_p};
 use dh::DhRef;
 use ec_key::EcKeyRef;
-use x509::{X509StoreContextRef, X509FileType, X509, X509Ref, X509VerifyError};
+use x509::{X509StoreContextRef, X509FileType, X509, X509Ref, X509VerifyError, X509Name};
 #[cfg(any(ossl102, ossl110))]
 use verify::X509VerifyParamRef;
 use pkey::PKeyRef;
 use error::ErrorStack;
 use types::{OpenSslType, OpenSslTypeRef};
 use util::Opaque;
+use stack::Stack;
 
 mod error;
 mod connector;
@@ -542,6 +543,16 @@ impl SslContextBuilder {
         }
     }
 
+    /// Sets the list of CAs sent to the client.
+    ///
+    /// The CA certificates must still be added to the trust root.
+    pub fn set_client_ca_list(&mut self, list: Stack<X509Name>) {
+        unsafe {
+            ffi::SSL_CTX_set_client_CA_list(self.as_ptr(), list.as_ptr());
+            mem::forget(list);
+        }
+    }
+
     /// Set the context identifier for sessions
     ///
     /// This value identifies the server's session cache to a clients, telling them when they're