From 1edb6f682eaa728871e39aa41735a668fcc7447c Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Sun, 6 Nov 2016 12:16:44 -0800
Subject: Support client CA advertisement

---
 openssl/src/ssl/mod.rs | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'openssl/src/ssl/mod.rs')

diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 5c41f6ea..1e7efc63 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -93,13 +93,14 @@ use std::sync::Mutex;
 use {init, cvt, cvt_p};
 use dh::DhRef;
 use ec_key::EcKeyRef;
-use x509::{X509StoreContextRef, X509FileType, X509, X509Ref, X509VerifyError};
+use x509::{X509StoreContextRef, X509FileType, X509, X509Ref, X509VerifyError, X509Name};
 #[cfg(any(ossl102, ossl110))]
 use verify::X509VerifyParamRef;
 use pkey::PKeyRef;
 use error::ErrorStack;
 use types::{OpenSslType, OpenSslTypeRef};
 use util::Opaque;
+use stack::Stack;
 
 mod error;
 mod connector;
@@ -542,6 +543,16 @@ impl SslContextBuilder {
         }
     }
 
+    /// Sets the list of CAs sent to the client.
+    ///
+    /// The CA certificates must still be added to the trust root.
+    pub fn set_client_ca_list(&mut self, list: Stack<X509Name>) {
+        unsafe {
+            ffi::SSL_CTX_set_client_CA_list(self.as_ptr(), list.as_ptr());
+            mem::forget(list);
+        }
+    }
+
     /// Set the context identifier for sessions
     ///
     /// This value identifies the server's session cache to a clients, telling them when they're
-- 
cgit v1.2.3