Merge pull request #582 from bluejekyll/master

add set_verify_cert_store() to ssl ctx

1 files changed, 25 insertions, 0 deletions

diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index 9c00e3ed..5b52a524 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -173,9 +173,15 @@ macro_rules! run_test(
             use ssl::SSL_VERIFY_PEER;
             use hash::MessageDigest;
             use x509::X509StoreContext;
+            #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+            use x509::X509;
+            #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+            use x509::store::X509StoreBuilder;
             use hex::FromHex;
             use foreign_types::ForeignTypeRef;
             use super::Server;
+            #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]            
+            use super::ROOT_CERT;
 
             #[test]
             fn sslv23() {
@@ -221,6 +227,25 @@ run_test!(verify_trusted, |method, stream| {
     }
 });
 
+#[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))]
+run_test!(verify_trusted_with_set_cert, |method, stream| {
+    let x509 = X509::from_pem(ROOT_CERT).unwrap();
+    let mut store = X509StoreBuilder::new().unwrap();
+    store.add_cert(x509).unwrap();
+
+    let mut ctx = SslContext::builder(method).unwrap();
+    ctx.set_verify(SSL_VERIFY_PEER);
+
+    match ctx.set_verify_cert_store(store.build()) {
+        Ok(_) => {}
+        Err(err) => panic!("Unexpected error {:?}", err),
+    }
+    match Ssl::new(&ctx.build()).unwrap().connect(stream) {
+        Ok(_) => (),
+        Err(err) => panic!("Expected success, got {:?}", err),
+    }
+});
+
 run_test!(verify_untrusted_callback_override_ok, |method, stream| {
     let mut ctx = SslContext::builder(method).unwrap();
     ctx.set_verify_callback(SSL_VERIFY_PEER, |_, _| true);