diff --git a/.circleci/config.yml b/.circleci/config.yml
index f0f2dba9..aed422c1 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -8,6 +8,9 @@ jobs:
 library:
 type: string
 default: ""
+ dl_path:
+ type: string
+ default: ""
 version:
 type: string
 default: ""
@@ -71,7 +74,7 @@ jobs:
 URL="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-<< parameters.version >>.tar.gz"
 ;;
 "openssl")
- URL="https://openssl.org/source/openssl-<< parameters.version >>.tar.gz"
+ URL="https://openssl.org/source<< parameters.dl_path >>/openssl-<< parameters.version >>.tar.gz"
 ;;
 esac
@@ -210,12 +213,15 @@ openssl_111: &openssl_111
 openssl_110: &openssl_110
 library: openssl
 version: 1.1.0l
+ dl_path: /old/1.1.0
 openssl_102: &openssl_102
 library: openssl
 version: 1.0.2u
+ dl_path: /old/1.0.2
 openssl_101: &openssl_101
 library: openssl
 version: 1.0.1u
+ dl_path: /old/1.0.1
 workflows:
 test:
diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs
index f2e1bc47..1d76159d 100644
--- a/openssl-sys/src/ssl.rs
+++ b/openssl-sys/src/ssl.rs
@@ -901,6 +901,7 @@ extern "C" {
 #[cfg(any(ossl110, libressl273))]
 pub fn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int;
 pub fn SSL_CTX_get_cert_store(ctx: *const SSL_CTX) -> *mut X509_STORE;
+ pub fn SSL_CTX_set_cert_store(ctx: *mut SSL_CTX, store: *mut X509_STORE);
 pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER;
 pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *mut c_int) -> c_int;
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 8d81062c..38d395c7 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
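Review bot: The `"openssl")` arm in .circleci/config.yml now builds the tarball URL from two free-form string parameters, and nothing visible in this hunk checks what was fetched before it is compiled and linked into the test binaries. If the rest of the script (outside the hunk) does not already verify a digest, add a per-version checksum parameter beside `dl_path` and check it right after the download, for example `echo "<< parameters.sha256 >>  <downloaded-file>" | sha256sum -c -` (`sha256` and `<downloaded-file>` are placeholders, not names from this file). A one-line comment on the new parameter, such as `# dl_path: optional sub-path under /source, leading slash included (e.g. /old/1.1.0)`, would also spare the next editor from guessing the expected format.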
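Review bot: The new `SSL_CTX_set_cert_store` declaration in openssl-sys/src/ssl.rs gives no hint of its ownership rule, which is what a caller of the raw binding most needs to know: OpenSSL takes over the caller's reference to `store` and frees whichever store the context held before. A short comment above the declaration, e.g. `// Takes ownership of store; the store previously held by ctx is freed.`, would keep other users of the -sys crate from freeing the store a second time. The `extern "C"` block starts and ends outside the hunk.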
@@ -93,9 +93,7 @@ use ssl::bio::BioMethod;
 use ssl::callbacks::*;
 use ssl::error::InnerError;
 use stack::{Stack, StackRef};
-#[cfg(ossl102)]
-use x509::store::X509Store;
-use x509::store::{X509StoreBuilderRef, X509StoreRef};
+use x509::store::{X509Store, X509StoreBuilderRef, X509StoreRef};
 #[cfg(any(ossl102, libressl261))]
 use x509::verify::X509VerifyParamRef;
 use x509::{X509Name, X509Ref, X509StoreContextRef, X509VerifyResult, X509};
@@ -762,6 +760,18 @@ impl SslContextBuilder {
 }
 }
+ /// Replaces the context's certificate store.
+ ///
+ /// This corresponds to [`SSL_CTX_set_cert_store`].
+ ///
+ /// [`SSL_CTX_set_cert_store`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_cert_store.html
+ pub fn set_cert_store(&mut self, cert_store: X509Store) {
+ unsafe {
+ ffi::SSL_CTX_set_cert_store(self.as_ptr(), cert_store.as_ptr());
+ mem::forget(cert_store);
+ }
+ }
+
 /// Controls read ahead behavior.
 ///
 /// If enabled, OpenSSL will read as much data as is available from the underlying stream,
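Review bot: The doc comment on `set_cert_store` says only that the store is replaced; it should also state that every trust anchor already loaded into the context (for instance by an earlier `set_default_verify_paths` or `set_ca_file` call) is discarded with the old store, so peer verification afterwards relies solely on what the supplied `X509Store` contains. A line such as `/// The previous store and every certificate loaded into it are freed; only the new store's contents are trusted afterwards.` would make that explicit, since calling this late in builder setup silently narrows or empties the trust set. The `unsafe` block would also benefit from saying why `mem::forget` is correct: `// SAFETY: SSL_CTX_set_cert_store takes over our reference, so the wrapper's destructor must not run.` The enclosing `impl SslContextBuilder` starts and ends outside the hunk.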