diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index 7c68b4fa..353f619f 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -2240,6 +2240,7 @@ extern "C" {
 #[cfg(libressl)]
 pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const libc::c_void;
 pub fn SSL_get_peer_certificate(ssl: *const SSL) -> *mut X509;
+ pub fn SSL_get_peer_cert_chain(ssl: *const SSL) -> *mut stack_st_X509;
 pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD;
 pub fn SSL_get_version(ssl: *const SSL) -> *const c_char;
 pub fn SSL_state_string(ssl: *const SSL) -> *const c_char;
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 9e17ae60..dc0f5448 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -1257,6 +1257,21 @@ impl SslRef {
 }
 }

+ /// Returns the certificate chain of the peer, if present.
+ ///
+ /// On the client side, the chain includes the leaf certificate, but on the server side it does
+ /// not. Fun!
+ pub fn peer_cert_chain(&self) -> Option<&StackRef> {
+ unsafe {
+ let ptr = ffi::SSL_get_peer_cert_chain(self.as_ptr());
+ if ptr.is_null() {
+ None
+ } else {
+ Some(StackRef::from_ptr(ptr))
+ }
+ }
+ }
+
 /// Returns the certificate associated with this `Ssl`, if present.
 pub fn certificate(&self) -> Option<&X509Ref> {
 unsafe {
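Review bot: Nothing at the new `SSL_get_peer_cert_chain` declaration records that its return value has different ownership from `SSL_get_peer_certificate` on the line above. Per the OpenSSL documentation the chain pointer is borrowed from the connection with no reference added, whereas the peer certificate comes back with a reference the caller must release. A comment such as `// Borrowed from the SSL object: do not free, and do not use after the SSL is freed.` would keep a later wrapper from freeing the stack or holding it past the connection. The `extern "C"` block begins and ends outside the hunk.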
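Review bot: The doc comment on `peer_cert_chain` does not say that the stack holds the certificates as the peer sent them rather than a chain that passed verification, so a `Some` result can be mistaken for a trust decision. I would add `/// The certificates are exactly what the peer presented; this call does not validate them.` and replace "Fun!" with a pointer to the wrapper around `SSL_get_peer_certificate`, since server code that reads only this chain never sees the client's leaf certificate. The `unsafe` block would also benefit from `// SAFETY: the stack is owned by the SSL object and is only borrowed for the lifetime of &self.`, which records why `StackRef::from_ptr` is sound without taking a reference (ownership as described in the OpenSSL documentation). The enclosing `impl SslRef` begins outside the hunk.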