Merge pull request #1113 from Metaswitch/add_client_ca (d861eb16) · Commits · Public Repositories / Rust Openssl

openssl-sys/src/ssl.rs

+3 −0

Original line number	Diff line number	Diff line
		@@ -1093,6 +1093,9 @@ extern "C" {

		pub fn SSL_CTX_set_client_CA_list(ctx: mut SSL_CTX, list: mut stack_st_X509_NAME);

		#[cfg(not(libressl))]
		pub fn SSL_CTX_add_client_CA(ctx: mut SSL_CTX, cacert: mut X509) -> c_int;

		pub fn SSL_CTX_set_default_verify_paths(ctx: *mut SSL_CTX) -> c_int;
		pub fn SSL_CTX_load_verify_locations(
		ctx: *mut SSL_CTX,

+17 −0

Original line number	Diff line number	Diff line
		@@ -870,6 +870,23 @@ impl SslContextBuilder {
		}
		}

		/// Add the provided CA certificate to the list sent by the server to the client when
		/// requesting client-side TLS authentication.
		///
		/// This corresponds to [`SSL_CTX_add_client_CA`].
		///
		/// [`SSL_CTX_add_client_CA`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_client_CA_list.html
		#[cfg(not(libressl))]
		pub fn add_client_ca(&mut self, cacert: &X509Ref) -> Result<(), ErrorStack> {
		unsafe {
		cvt(ffi::SSL_CTX_add_client_CA(
		self.as_ptr(),
		cacert.as_ptr()
		))
		.map(\|_\| ())
		}
		}

		/// Set the context identifier for sessions.
		///
		/// This value identifies the server's session cache to clients, telling them when they're