From 7c243875f34a47d3c552634a00440c846855c3a2 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone
Date: Sat, 28 Dec 2013 08:56:34 -0500
Subject: expose SSL_get_peer_cert_chain, SSL_get_client_CA_list, and SSL_CTX_set_client_CA_list
---
 cryptography/hazmat/backends/openssl/ssl.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py
index fb3b17e6..7a1219b0 100644
--- a/cryptography/hazmat/backends/openssl/ssl.py
+++ b/cryptography/hazmat/backends/openssl/ssl.py
@@ -157,6 +157,13 @@ int SSL_pending(const SSL *);
 int SSL_write(SSL *, const void *, int);
 int SSL_read(SSL *, void *, int);
 X509 *SSL_get_peer_certificate(const SSL *);
+
+/* OpenSSL defines these with STACK_OF(...) instead stack_st_... of but the
+ * STACK_OF macro does not play well with cffi.
+ */
+struct stack_st_X509 *SSL_get_peer_cert_chain(const SSL *);
+struct stack_st_X509_NAME *SSL_get_client_CA_list(const SSL *s);
+
 int SSL_get_error(const SSL *, int);
 int SSL_do_handshake(SSL *);
 int SSL_shutdown(SSL *);
@@ -186,6 +193,11 @@ void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
 int SSL_CTX_add_client_CA(SSL_CTX *, X509 *);
 
+/* See comment above about STACK_OF(...) vs stack_st_...
+ */
+void SSL_CTX_set_client_CA_list(SSL_CTX *, struct stack_st_X509_NAME *);
+
+
 /* X509_STORE_CTX */
 int X509_STORE_CTX_get_error(X509_STORE_CTX *);
 void X509_STORE_CTX_set_error(X509_STORE_CTX *, int);
-- 
cgit v1.2.3
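Review bot: In the first hunk (`@@ -157,6 +157,13 @@`), `SSL_get_peer_cert_chain` is declared directly under `SSL_get_peer_certificate` with nothing recording that the two have opposite ownership rules: OpenSSL does not increment the reference count of the returned stack, so it stays owned by the `SSL` and must not be freed or used once the session is gone, whereas the single-certificate getter hands back a reference the caller releases. A binding user who attaches an `sk_X509_free` finalizer by analogy would free memory OpenSSL still owns. I would extend the new comment with `* The returned stacks are borrowed from the SSL; do not free them.` (as far as I know this also holds for `SSL_get_client_CA_list`, worth confirming), and add that the chain is what the peer sent rather than a verified path and, on the server side, does not include the peer's own certificate. The comment also has transposed words and should read `instead of stack_st_... but the`. The declaration block these lines sit in starts and ends outside the hunk.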
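Review bot: In the second hunk (`@@ -186,6 +193,11 @@`), the comment on `SSL_CTX_set_client_CA_list` covers only the STACK_OF spelling and leaves out the two things a caller needs to know: the context takes ownership of the list passed in, and the list only sets the CA names advertised in the certificate request. I would add `* The SSL_CTX takes ownership of the list; the caller must not free it.` and `* Only advertises CA names to the client; it does not make those CAs trusted.` so that nobody frees the stack after the call or treats it as a trust-store setting for client-certificate verification. The hunk also adds two blank lines before `/* X509_STORE_CTX */` where one separated the sections before.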