From 40e66bab6b532e3a0e496eaa74c4553b051037a9 Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Tue, 7 Apr 2020 17:05:38 -0700
Subject: [PATCH] Add SslContextBuilder::set_cert_store

---
 openssl-sys/src/ssl.rs |  1 +
 openssl/src/ssl/mod.rs | 12 ++++++++++++
 2 files changed, 13 insertions(+)

diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs
index f2e1bc47..1d76159d 100644
--- a/openssl-sys/src/ssl.rs
+++ b/openssl-sys/src/ssl.rs
@@ -901,6 +901,7 @@ extern "C" {
     #[cfg(any(ossl110, libressl273))]
     pub fn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int;
     pub fn SSL_CTX_get_cert_store(ctx: *const SSL_CTX) -> *mut X509_STORE;
+    pub fn SSL_CTX_set_cert_store(ctx: *mut SSL_CTX, store: *mut X509_STORE);
 
     pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER;
     pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *mut c_int) -> c_int;
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 8d81062c..82198c5f 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -762,6 +762,18 @@ impl SslContextBuilder {
         }
     }
 
+    /// Replaces the context's certificate store.
+    ///
+    /// This corresponds to [`SSL_CTX_set_cert_store`].
+    ///
+    /// [`SSL_CTX_set_cert_store`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_cert_store.html
+    pub fn set_cert_store(&mut self, cert_store: X509Store) {
+        unsafe {
+            ffi::SSL_CTX_set_cert_store(self.as_ptr(), cert_store.as_ptr());
+            mem::forget(cert_store);
+        }
+    }
+
     /// Controls read ahead behavior.
     ///
     /// If enabled, OpenSSL will read as much data as is available from the underlying stream,