add support for Context.set_cert_store

pyca · May 31, 2023 · 4664eb8 · 4664eb8
1 parent 5134ca1
commit 4664eb8
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 0 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -19,6 +19,8 @@ Deprecations:
 Changes:
 ^^^^^^^^
 
+- Added ``Context.set_cert_store`` `#1210 <https://github.com/pyca/pyopenssl/pull/1210>`_.
+
 23.2.0 (2023-05-30)
 -------------------
 

diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
@@ -1507,6 +1507,16 @@ def get_cert_store(self):
         pystore._store = store
         return pystore
 
+    def set_cert_store(self, store):
+        """
+        Set the certificate store for the context.
+        :param store: A X509Store object.
+        :return: None
+        """
+        rc = _lib.X509_STORE_up_ref(store._store)
+        _openssl_assert(rc == 1)
+        _lib.SSL_CTX_set_cert_store(self._context, store._store)
+
     def set_options(self, options):
         """
         Add options. Options set before are not cleared!

diff --git a/tests/test_ssl.py b/tests/test_ssl.py
@@ -1716,6 +1716,12 @@ def test_get_cert_store(self):
         store = context.get_cert_store()
         assert isinstance(store, X509Store)
 
+    def test_set_cert_store(self):
+        context = Context(SSLv23_METHOD)
+        store = X509Store()
+        context.set_cert_store(store)
+        assert store._store == context.get_cert_store()._store
+
     def test_set_tlsext_use_srtp_not_bytes(self):
         """
         `Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.