From 4664eb8a51bb21296b293430ce552c391e3d8b91 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sat, 15 Apr 2023 08:16:26 +0800
Subject: [PATCH] add support for Context.set_cert_store

---
 CHANGELOG.rst      |  2 ++
 src/OpenSSL/SSL.py | 10 ++++++++++
 tests/test_ssl.py  |  6 ++++++
 3 files changed, 18 insertions(+)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index ea84ef567..b51a45468 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -19,6 +19,8 @@ Deprecations:
 Changes:
 ^^^^^^^^
 
+- Added ``Context.set_cert_store`` `#1210 <https://github.com/pyca/pyopenssl/pull/1210>`_.
+
 23.2.0 (2023-05-30)
 -------------------
 
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index b79b18e5b..06a646e4a 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -1507,6 +1507,16 @@ def get_cert_store(self):
         pystore._store = store
         return pystore
 
+    def set_cert_store(self, store):
+        """
+        Set the certificate store for the context.
+        :param store: A X509Store object.
+        :return: None
+        """
+        rc = _lib.X509_STORE_up_ref(store._store)
+        _openssl_assert(rc == 1)
+        _lib.SSL_CTX_set_cert_store(self._context, store._store)
+
     def set_options(self, options):
         """
         Add options. Options set before are not cleared!
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index 804288e33..f26ca89fb 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -1716,6 +1716,12 @@ def test_get_cert_store(self):
         store = context.get_cert_store()
         assert isinstance(store, X509Store)
 
+    def test_set_cert_store(self):
+        context = Context(SSLv23_METHOD)
+        store = X509Store()
+        context.set_cert_store(store)
+        assert store._store == context.get_cert_store()._store
+
     def test_set_tlsext_use_srtp_not_bytes(self):
         """
         `Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.