rust: bssl-tls: Make certificate store more ergonomic

To avoid possibly repeated store construction, it is better to let
builders take borrows.

Signed-off-by: Xiangfei Ding <xfding@google.com>
Change-Id: Ib8f3add3683850e7865a796d604ecda56a6a6964
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/93767
Reviewed-by: David Benjamin <davidben@google.com>
Presubmit-BoringSSL-Verified: boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Rudolf Polzer <rpolzer@google.com>
diff --git a/rust/bssl-tls/src/connection/credentials.rs b/rust/bssl-tls/src/connection/credentials.rs
index 413a0b3..7cbb2d8 100644
--- a/rust/bssl-tls/src/connection/credentials.rs
+++ b/rust/bssl-tls/src/connection/credentials.rs
@@ -104,13 +104,13 @@
 /// # Certificate verification
 impl<M> TlsConnectionInHandshake<'_, Client, M> {
     /// Set certificate verification store.
-    pub fn set_certificate_store(&mut self, store: X509Store) -> &mut Self {
+    pub fn set_certificate_store(&mut self, store: &X509Store) -> &mut Self {
         unsafe {
             // Safety:
             // - the validity of the handle `self.0` is witnessed by `self`.
             // - when pending handshake, the assignment is always successful.
             // - `SSL_set1_verify_cert_store` bumps the ref-count on the store.
-            bssl_sys::SSL_set1_verify_cert_store(self.ptr(), store.as_raw());
+            bssl_sys::SSL_set1_verify_cert_store(self.ptr(), store.as_mut_ptr());
         }
         self
     }
diff --git a/rust/bssl-tls/src/context/credentials.rs b/rust/bssl-tls/src/context/credentials.rs
index d6b2f79..23aa16f 100644
--- a/rust/bssl-tls/src/context/credentials.rs
+++ b/rust/bssl-tls/src/context/credentials.rs
@@ -91,12 +91,15 @@
 /// # Certificate verification
 impl<M> TlsContextBuilder<M> {
     /// Set certificate verification store.
-    pub fn with_certificate_store(&mut self, store: X509Store) -> &mut Self {
+    pub fn with_certificate_store(&mut self, store: &X509Store) -> &mut Self {
         unsafe {
             // Safety:
             // - the validity of the handle `self.0` is witnessed by `self`.
             // - `SSL_CTX_set1_verify_cert_store` bumps the ref-count on `store`.
-            bssl_sys::SSL_CTX_set1_verify_cert_store(self.ptr(), store.as_raw());
+            assert_eq!(
+                bssl_sys::SSL_CTX_set1_verify_cert_store(self.ptr(), store.as_mut_ptr()),
+                1,
+            );
         }
         self
     }
diff --git a/rust/bssl-x509/src/store.rs b/rust/bssl-x509/src/store.rs
index f81b2ae..f1b0acb 100644
--- a/rust/bssl-x509/src/store.rs
+++ b/rust/bssl-x509/src/store.rs
@@ -173,7 +173,7 @@
     ///
     /// `self` **must** outlive the uses of the returned handle.
     /// Verify the callsite contract to honour the lifetime contracts.
-    pub unsafe fn as_raw(&self) -> *mut bssl_sys::X509_STORE {
+    pub unsafe fn as_mut_ptr(&self) -> *mut bssl_sys::X509_STORE {
         self.0.as_ptr()
     }
 }
diff --git a/rust/bssl-x509/src/verify.rs b/rust/bssl-x509/src/verify.rs
index 7ee4006..c8ea2cb 100644
--- a/rust/bssl-x509/src/verify.rs
+++ b/rust/bssl-x509/src/verify.rs
@@ -84,7 +84,12 @@
             // - `chain` is a valid stack pointer, kept alive by `ctx.chain`.
             // - The input objects will outlive `'a`, so the verifier is outlived by
             //   these objects.
-            bssl_sys::X509_STORE_CTX_init(ctx.ptr(), store.as_raw(), cert.ptr(), ctx.chain.ptr())
+            bssl_sys::X509_STORE_CTX_init(
+                ctx.ptr(),
+                store.as_mut_ptr(),
+                cert.ptr(),
+                ctx.chain.ptr(),
+            )
         });
         Ok(ctx)
     }