-rw-r--r--openssl/src/ssl/connector.rs10
-rw-r--r--openssl/src/x509/mod.rs37
2 files changed, 27 insertions, 20 deletions
diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs
index 0c5d0df0..fb9a42e8 100644
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
@@ -319,7 +319,8 @@ mod verify {
use ex_data::Index;
use nid::Nid;
- use x509::{GeneralName, X509NameRef, X509Ref, X509StoreContextRef, X509VerifyResult};
+ use x509::{GeneralName, X509NameRef, X509Ref, X509StoreContext, X509StoreContextRef,
+ X509VerifyResult};
use stack::Stack;
use ssl::Ssl;
@@ -334,11 +335,10 @@ mod verify {
let ok = match (
x509_ctx.current_cert(),
- x509_ctx
- .ssl()
+ X509StoreContext::ssl_idx()
.ok()
- .and_then(|s| s)
- .and_then(|s| s.ex_data(*HOSTNAME_IDX)),
+ .and_then(|idx| x509_ctx.ex_data(idx))
+ .and_then(|ssl| ssl.ex_data(*HOSTNAME_IDX)),
) {
(Some(x509), Some(domain)) => verify_hostname(domain, &x509),
_ => true,
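Review bot: The rewritten lookup still funnels three different outcomes into the `_ => true` arm: `.ok()` discards an `ErrorStack` from `X509StoreContext::ssl_idx()`, and a store context with no `Ssl` in its slot or an `Ssl` with no `HOSTNAME_IDX` entry both produce `None`, so in each case the certificate is accepted without `verify_hostname` running. If a connection with no registered hostname is meant to pass, that should be the only case that does; a failed index lookup or an absent `Ssl` would be safer failing closed, by resolving the `Ssl` in a separate step and returning `false` when that step fails. At minimum the arm deserves a comment such as `// no hostname registered on this Ssl: hostname check intentionally skipped`. The enclosing callback starts and ends outside this hunk, so whether any caller depends on the permissive arm cannot be confirmed from here.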
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 70d82c61..d1297a69 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -16,6 +16,7 @@ use asn1::{Asn1BitStringRef, Asn1IntegerRef, Asn1ObjectRef, Asn1StringRef, Asn1T
use bio::MemBioSlice;
use conf::ConfRef;
use error::ErrorStack;
+use ex_data::Index;
use hash::MessageDigest;
use nid::Nid;
use pkey::{PKey, PKeyRef};
@@ -59,7 +60,26 @@ foreign_type_and_impl_send_sync! {
pub struct X509StoreContextRef;
}
+impl X509StoreContext {
+ /// Returns the index which can be used to obtain a reference to the `Ssl` associated with a
+ /// context.
+ pub fn ssl_idx() -> Result<Index<X509StoreContext, SslRef>, ErrorStack> {
+ unsafe { cvt_n(ffi::SSL_get_ex_data_X509_STORE_CTX_idx()).map(|idx| Index::from_raw(idx)) }
+ }
+}
+
impl X509StoreContextRef {
+ pub fn ex_data<T>(&self, index: Index<X509StoreContext, T>) -> Option<&T> {
+ unsafe {
+ let data = ffi::X509_STORE_CTX_get_ex_data(self.as_ptr(), index.as_raw());
+ if data.is_null() {
+ None
+ } else {
+ Some(&*(data as *const T))
+ }
+ }
+ }
+
pub fn error(&self) -> X509VerifyResult {
unsafe { X509VerifyResult::from_raw(ffi::X509_STORE_CTX_get_error(self.as_ptr())) }
}
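Review bot: The new public `X509StoreContextRef::ex_data` has no doc comment and its `unsafe` block has no `// SAFETY:` justification, although the cast `&*(data as *const T)` is only sound when the slot named by `index` really holds a pointer to a live `T` for at least as long as `&self`. Nothing in this method checks that; the guarantee rests on how the `Index<X509StoreContext, T>` was built (presumably only through `Index::from_raw`, as in `ssl_idx`), and that should be written down, e.g. `// SAFETY: the Index type parameter vouches that this slot stores a *const T owned by the context`. In `ssl_idx` the same reasoning applies to `Index::from_raw(idx)`, which asserts that OpenSSL's slot holds an `SSL*` usable as `&SslRef`. A doc line such as `/// Returns the application data stored under `index`, or `None` if the slot is empty.` would complete the method.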
@@ -90,22 +110,9 @@ impl X509StoreContextRef {
let chain = X509_STORE_CTX_get_chain(self.as_ptr());
if chain.is_null() {
- return None;
- }
-
- Some(StackRef::from_ptr(chain))
- }
- }
-
- /// Returns a reference to the `Ssl` associated with this context.
- pub fn ssl(&self) -> Result<Option<&SslRef>, ErrorStack> {
- unsafe {
- let idx = cvt_n(ffi::SSL_get_ex_data_X509_STORE_CTX_idx())?;
- let ssl = ffi::X509_STORE_CTX_get_ex_data(self.as_ptr(), idx);
- if ssl.is_null() {
- Ok(None)
+ None
} else {
- Ok(Some(SslRef::from_ptr(ssl as *mut ffi::SSL)))
+ Some(StackRef::from_ptr(chain))
}
}
}