-rw-r--r--cryptography/hazmat/backends/openssl/pkcs12.py4
-rw-r--r--cryptography/hazmat/backends/openssl/ssl.py7
-rw-r--r--cryptography/hazmat/backends/openssl/x509.py20
-rw-r--r--cryptography/hazmat/backends/openssl/x509name.py16
4 files changed, 35 insertions, 12 deletions
diff --git a/cryptography/hazmat/backends/openssl/pkcs12.py b/cryptography/hazmat/backends/openssl/pkcs12.py
index b3ecd0aa..bd01e756 100644
--- a/cryptography/hazmat/backends/openssl/pkcs12.py
+++ b/cryptography/hazmat/backends/openssl/pkcs12.py
@@ -28,9 +28,9 @@ int i2d_PKCS12_bio(BIO *, PKCS12 *);
MACROS = """
int PKCS12_parse(PKCS12 *, const char *, EVP_PKEY **, X509 **,
- struct stack_st_X509 **);
+ Cryptography_STACK_OF_X509 **);
PKCS12 *PKCS12_create(char *, char *, EVP_PKEY *, X509 *,
- struct stack_st_X509 *, int, int, int, int, int);
+ Cryptography_STACK_OF_X509 *, int, int, int, int, int);
"""
CUSTOMIZATIONS = """
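Review bot: `Cryptography_STACK_OF_X509` is used in both MACROS declarations here but is not declared in pkcs12.py; its alias and opaque typedef are added in x509.py by this same commit. The ssl.py hunks have the same dependency, and additionally rely on `Cryptography_STACK_OF_X509_NAME` from x509name.py. This presumably works because the backend hands every module's INCLUDES and TYPES to cffi before any FUNCTIONS or MACROS, but nothing visible in the diff states that. A Python comment above `MACROS = """` would record it, for example `# Cryptography_STACK_OF_X509 is declared in x509.py (INCLUDES and TYPES).`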
diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py
index 596db05b..499e9c3a 100644
--- a/cryptography/hazmat/backends/openssl/ssl.py
+++ b/cryptography/hazmat/backends/openssl/ssl.py
@@ -157,6 +157,10 @@ int SSL_pending(const SSL *);
int SSL_write(SSL *, const void *, int);
int SSL_read(SSL *, void *, int);
X509 *SSL_get_peer_certificate(const SSL *);
+
+Cryptography_STACK_OF_X509 *SSL_get_peer_cert_chain(const SSL *);
+Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *);
+
int SSL_get_error(const SSL *, int);
int SSL_do_handshake(SSL *);
int SSL_shutdown(SSL *);
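Review bot: The two getters added after `SSL_get_peer_certificate` follow different ownership rules from it, and the declarations do not say so. Per the OpenSSL documentation, `SSL_get_peer_cert_chain` and `SSL_get_client_CA_list` return pointers to stacks owned by the SSL object, whereas `SSL_get_peer_certificate` returns a reference the caller must release. A caller that passes either new result to `sk_X509_free` or `sk_X509_NAME_free` would free memory the connection still uses. The peer chain is also the chain as sent rather than a verified one, and on a server it omits the client's own certificate. A comment above the pair would record this: `/* Borrowed from the SSL object: do not free. Not a verification result. */`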
@@ -186,6 +190,9 @@ void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
int SSL_CTX_add_client_CA(SSL_CTX *, X509 *);
+void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *);
+
+
/* X509_STORE_CTX */
int X509_STORE_CTX_get_error(X509_STORE_CTX *);
void X509_STORE_CTX_set_error(X509_STORE_CTX *, int);
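Review bot: `SSL_CTX_set_client_CA_list` takes ownership of the stack passed to it, which the new declaration does not record. Per the OpenSSL documentation the list belongs to the SSL_CTX after the call, so a caller that built it with `sk_X509_NAME_new_null` must not also call `sk_X509_NAME_free` on it, or the context will free it a second time when it is destroyed. A comment above the declaration would make that visible: `/* The SSL_CTX takes ownership of the list; do not free it afterwards. */`. The two blank lines added after the declaration could be reduced to one.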
diff --git a/cryptography/hazmat/backends/openssl/x509.py b/cryptography/hazmat/backends/openssl/x509.py
index ea46256b..f0061a70 100644
--- a/cryptography/hazmat/backends/openssl/x509.py
+++ b/cryptography/hazmat/backends/openssl/x509.py
@@ -13,6 +13,15 @@
INCLUDES = """
#include <openssl/ssl.h>
+
+/*
+ * This is part of a work-around for the difficulty cffi has in dealing with
+ * `STACK_OF(foo)` as the name of a type. We invent a new, simpler name that
+ * will be an alias for this type and use the alias throughout. This works
+ * together with another opaque typedef for the same name in the TYPES section.
+ * Note that the result is an opaque type.
+ */
+typedef STACK_OF(X509) Cryptography_STACK_OF_X509;
"""
TYPES = """
@@ -63,6 +72,7 @@ typedef struct {
typedef ... X509_STORE;
typedef ... NETSCAPE_SPKI;
+typedef ... Cryptography_STACK_OF_X509;
"""
FUNCTIONS = """
@@ -165,11 +175,11 @@ ASN1_TIME *X509_get_notAfter(X509 *);
long X509_REQ_get_version(X509_REQ *);
X509_NAME *X509_REQ_get_subject_name(X509_REQ *);
-struct stack_st_X509 *sk_X509_new_null(void);
-void sk_X509_free(struct stack_st_X509 *);
-int sk_X509_num(struct stack_st_X509 *);
-int sk_X509_push(struct stack_st_X509 *, X509 *);
-X509 *sk_X509_value(struct stack_st_X509 *, int);
+Cryptography_STACK_OF_X509 *sk_X509_new_null(void);
+void sk_X509_free(Cryptography_STACK_OF_X509 *);
+int sk_X509_num(Cryptography_STACK_OF_X509 *);
+int sk_X509_push(Cryptography_STACK_OF_X509 *, X509 *);
+X509 *sk_X509_value(Cryptography_STACK_OF_X509 *, int);
X509_EXTENSIONS *sk_X509_EXTENSION_new_null(void);
int sk_X509_EXTENSION_num(X509_EXTENSIONS *);
diff --git a/cryptography/hazmat/backends/openssl/x509name.py b/cryptography/hazmat/backends/openssl/x509name.py
index 0543e387..bf627d61 100644
--- a/cryptography/hazmat/backends/openssl/x509name.py
+++ b/cryptography/hazmat/backends/openssl/x509name.py
@@ -13,11 +13,17 @@
INCLUDES = """
#include <openssl/x509.h>
+
+/*
+ * See the comment above Cryptography_STACK_OF_X509 in x509.py
+ */
+typedef STACK_OF(X509_NAME) Cryptography_STACK_OF_X509_NAME;
"""
TYPES = """
typedef ... X509_NAME;
typedef ... X509_NAME_ENTRY;
+typedef ... Cryptography_STACK_OF_X509_NAME;
"""
FUNCTIONS = """
@@ -40,11 +46,11 @@ void X509_NAME_free(X509_NAME *);
"""
MACROS = """
-struct stack_st_X509_NAME *sk_X509_NAME_new_null(void);
-int sk_X509_NAME_num(struct stack_st_X509_NAME *);
-int sk_X509_NAME_push(struct stack_st_X509_NAME *, X509_NAME *);
-X509_NAME *sk_X509_NAME_value(struct stack_st_X509_NAME *, int);
-void sk_X509_NAME_free(struct stack_st_X509_NAME *);
+Cryptography_STACK_OF_X509_NAME *sk_X509_NAME_new_null(void);
+int sk_X509_NAME_num(Cryptography_STACK_OF_X509_NAME *);
+int sk_X509_NAME_push(Cryptography_STACK_OF_X509_NAME *, X509_NAME *);
+X509_NAME *sk_X509_NAME_value(Cryptography_STACK_OF_X509_NAME *, int);
+void sk_X509_NAME_free(Cryptography_STACK_OF_X509_NAME *);
"""
CUSTOMIZATIONS = """