From 628c3b338acc7621167b28c13195b1e95bbfa25c Mon Sep 17 00:00:00 2001
From: Andy Caldwell
Date: Mon, 13 May 2019 15:07:46 +0100
Subject: [PATCH] Add SSL_CTX_add_client_CA on OpenSSL
---
 openssl-sys/src/ssl.rs | 3 +++
 openssl/src/ssl/mod.rs | 17 +++++++++++++++++
 2 files changed, 20 insertions(+)
diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs
index 84db6e266..257d380bf 100644
--- a/openssl-sys/src/ssl.rs
+++ b/openssl-sys/src/ssl.rs
@@ -1093,6 +1093,9 @@ extern "C" {
 pub fn SSL_CTX_set_client_CA_list(ctx: *mut SSL_CTX, list: *mut stack_st_X509_NAME);
+ #[cfg(not(libressl))]
+ pub fn SSL_CTX_add_client_CA(ctx: *mut SSL_CTX, cacert: *mut X509) -> c_int;
+
 pub fn SSL_CTX_set_default_verify_paths(ctx: *mut SSL_CTX) -> c_int;
 pub fn SSL_CTX_load_verify_locations(
 ctx: *mut SSL_CTX,
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 8f1736377..c130f15ef 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -870,6 +870,23 @@ impl SslContextBuilder {
 }
 }
+ /// Add the provided CA certificate to the list sent by the server to the client when
+ /// requesting client-side TLS authentication.
+ ///
+ /// This corresponds to [`SSL_CTX_add_client_CA`].
+ ///
+ /// [`SSL_CTX_add_client_CA`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_client_CA_list.html
+ #[cfg(not(libressl))]
+ pub fn add_client_ca(&mut self, cacert: &mut X509) -> Result<(), ErrorStack> {
+ unsafe {
+ cvt(ffi::SSL_CTX_add_client_CA(
+ self.as_ptr(),
+ cacert.as_ptr()
+ ))
+ .map(|_| ())
+ }
+ }
+
 /// Set the context identifier for sessions.
 ///
 /// This value identifies the server's session cache to clients, telling them when they're
-- GitLab
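Review bot: The `#[cfg(not(libressl))]` gate on the new `SSL_CTX_add_client_CA` declaration has no comment saying why LibreSSL builds are excluded, and the neighbouring `SSL_CTX_set_client_CA_list` declaration is not gated. If the symbol really is missing there, a one-line comment above the attribute stating that reason would keep the next maintainer from removing it. If it is present, the gate here and the matching one on `add_client_ca` in openssl/src/ssl/mod.rs look unnecessary. The `extern "C"` block starts and ends outside the hunk.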
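Review bot: The doc comment on `add_client_ca` does not say that the call only adds the certificate's name to the CA list advertised in the certificate request. It does not make that CA trusted for verifying client certificates, so a reader could take it for the whole client-auth setup and leave verification unconfigured. I would append `/// This only changes the names advertised to the client; the CA must still be in the verification store and peer verification enabled via set_verify.` Separately, `cacert: &mut X509` demands exclusive access to an owned certificate, while the linked OpenSSL page describes the call as extracting the CA name from it. A shared borrow, `cacert: &X509Ref`, would be less restrictive for callers, assuming `X509Ref` is in scope in this module (the imports are outside the hunk).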