add set_verify_cert_store() to ssl ctx

1 files changed, 13 insertions, 0 deletions

diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 5a65aa77..bcfcadf9 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -99,6 +99,8 @@ use ec::EcKeyRef;
 use ec::EcKey;
 use x509::{X509StoreContextRef, X509FileType, X509, X509Ref, X509VerifyError, X509Name};
 use x509::store::{X509StoreBuilderRef, X509StoreRef};
+#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
+use x509::store::X509Store;
 #[cfg(any(ossl102, ossl110))]
 use verify::X509VerifyParamRef;
 use pkey::PKeyRef;
@@ -652,6 +654,17 @@ impl SslContextBuilder {
         }
     }
 
+    /// Sets a custom X509Store for verifying peer certificates
+    #[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
+    pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack> {
+        unsafe {
+            // set0 will free, set1 increments, and then requires a free
+            let ptr = cert_store.as_ptr();
+            mem::forget(cert_store);
+            cvt(ffi::SSL_CTX_set0_verify_cert_store(self.as_ptr(), ptr) as c_int).map(|_|())
+        }
+    }
+
     pub fn set_read_ahead(&mut self, read_ahead: bool) {
         unsafe {
             ffi::SSL_CTX_set_read_ahead(self.as_ptr(), read_ahead as c_long);