diff --git a/openssl-sys/src/handwritten/x509.rs b/openssl-sys/src/handwritten/x509.rs
index f5e3c2428920d698ed329ee5afb75b608e49e10c..c5419ed6eb072fa80de13df11dd1477fcc2844f0 100644
--- a/openssl-sys/src/handwritten/x509.rs
+++ b/openssl-sys/src/handwritten/x509.rs
@@ -644,6 +644,8 @@ const_ptr_api! {
 extern "C" {
 #[cfg(any(ossl110, libressl270))]
 pub fn X509_STORE_get0_objects(ctx: #[const_ptr_if(ossl300)] X509_STORE) -> *mut stack_st_X509_OBJECT;
+ #[cfg(ossl300)]
+ pub fn X509_STORE_get1_all_certs(ctx: *mut X509_STORE) -> *mut stack_st_X509;
 }
 }
diff --git a/openssl/src/cipher_ctx.rs b/openssl/src/cipher_ctx.rs
index 56d0d26700d5903e592ca8d75f9dd51f98310c97..0b8b79921a98845c74ed3a780d4b1fcb9d10dd47 100644
--- a/openssl/src/cipher_ctx.rs
+++ b/openssl/src/cipher_ctx.rs
@@ -573,7 +573,8 @@ impl CipherCtxRef {
 /// output size check removed. It can be used when the exact
 /// buffer size control is maintained by the caller.
 ///
- /// SAFETY: The caller is expected to provide `output` buffer
+ /// # Safety
+ /// The caller is expected to provide `output` buffer
 /// large enough to contain correct number of bytes. For streaming
 /// ciphers the output buffer size should be at least as big as
 /// the input buffer. For block ciphers the size of the output
@@ -685,7 +686,8 @@ impl CipherCtxRef {
 /// This function is the same as [`Self::cipher_final`] but with
 /// the output buffer size check removed.
 ///
- /// SAFETY: The caller is expected to provide `output` buffer
+ /// # Safety
+ /// The caller is expected to provide `output` buffer
 /// large enough to contain correct number of bytes. For streaming
 /// ciphers the output buffer can be empty, for block ciphers the
 /// output buffer should be at least as big as the block.
diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs
index 73be1454b4dcd8e150a35622f3285e2c047e072c..28b73f31ffeb5290daad0512926a79c8c675218a 100644
--- a/openssl/src/lib.rs
+++ b/openssl/src/lib.rs
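Review bot: The new `X509_STORE_get1_all_certs` declaration in openssl-sys/src/handwritten/x509.rs has no comment on ownership or failure, which is what a user of the raw binding most needs to get right. By OpenSSL's `get1` convention the returned stack is a new object owned by the caller, and the function is documented to return NULL on failure, so I would add `// Returns a caller-owned stack (caller frees it and its elements); NULL on error.` above the declaration. The enclosing `const_ptr_api!` block starts outside the hunk.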
@@ -119,7 +119,7 @@
 //! ```
 #![doc(html_root_url = "https://docs.rs/openssl/0.10")]
 #![warn(rust_2018_idioms)]
-#![allow(clippy::uninlined_format_args)]
+#![allow(clippy::uninlined_format_args, clippy::needless_doctest_main)]
 #[doc(inline)]
 pub use ffi::init;
diff --git a/openssl/src/x509/store.rs b/openssl/src/x509/store.rs
index a90bf3515f60c469490f4beb9cbef445c2cdd83c..c67490b98cefa009e9e8e11bcfe2fc1504288e01 100644
--- a/openssl/src/x509/store.rs
+++ b/openssl/src/x509/store.rs
@@ -42,13 +42,13 @@
 //! ```
 use cfg_if::cfg_if;
-use foreign_types::ForeignTypeRef;
+use foreign_types::{ForeignType, ForeignTypeRef};
 use std::mem;
 use crate::error::ErrorStack;
 #[cfg(not(boringssl))]
 use crate::ssl::SslFiletype;
-use crate::stack::StackRef;
+use crate::stack::{Stack, StackRef};
 #[cfg(any(ossl102, libressl261))]
 use crate::x509::verify::{X509VerifyFlags, X509VerifyParamRef};
 use crate::x509::{X509Object, X509PurposeId, X509};
@@ -260,10 +260,24 @@ foreign_type_and_impl_send_sync! {
 impl X509StoreRef {
 /// Get a reference to the cache of certificates in this store.
+ ///
+ /// This method is deprecated. It is **unsound** and will be removed in a
+ /// future version of rust-openssl. `X509StoreRef::all_certificates`
+ /// should be used instead.
+ #[deprecated(
+ note = "This method is unsound, and will be removed in a future version of rust-openssl. X509StoreRef::all_certificates should be used instead."
+ )]
 #[corresponds(X509_STORE_get0_objects)]
 pub fn objects(&self) -> &StackRef {
 unsafe { StackRef::from_ptr(X509_STORE_get0_objects(self.as_ptr())) }
 }
+
+ /// Returns a stack of all the certificates in this store.
+ #[corresponds(X509_STORE_get1_all_certs)]
+ #[cfg(ossl300)]
+ pub fn all_certificates(&self) -> Stack {
+ unsafe { Stack::from_ptr(ffi::X509_STORE_get1_all_certs(self.as_ptr())) }
+ }
 }
 cfg_if! {
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index da3ce2fed20c9a328071a6699f8f16ebc8a87236..9e4a12a35b70538fcd6f1277dd8be2c39da673a9 100644
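Review bot: In openssl/src/x509/store.rs, `all_certificates` passes the result of `ffi::X509_STORE_get1_all_certs` straight to `Stack::from_ptr` with no NULL check, although OpenSSL documents NULL as the failure return; a failed call would then produce a `Stack` wrapping a null pointer. Since the method is new, it could return a `Result` and use the crate's pointer-checking helper, e.g. `cvt_p(ffi::X509_STORE_get1_all_certs(self.as_ptr())).map(|p| Stack::from_ptr(p))`, assuming `cvt_p` can be imported here (only `ErrorStack` is visible in the imports hunk). Separately, `#[deprecated]` on `objects` is unconditional while its replacement is `#[cfg(ossl300)]`, so builds against anything older than OpenSSL 3.0 get the warning with no alternative; `#[cfg_attr(ossl300, deprecated(note = "..."))]` or a sentence in the note would cover that. The doc comment would also help callers more if it said why the borrowed stack is unsound, not only that it is.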
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -1108,6 +1108,21 @@ fn ipv6_as_subject_alternative_name_is_formatted_in_debug() {
 ]);
 }
+#[test]
+#[cfg(ossl300)]
+fn test_store_all_certificates() {
+ let cert = include_bytes!("../../test/cert.pem");
+ let cert = X509::from_pem(cert).unwrap();
+
+ let store = {
+ let mut b = X509StoreBuilder::new().unwrap();
+ b.add_cert(cert).unwrap();
+ b.build()
+ };
+
+ assert_eq!(store.all_certificates().len(), 1);
+}
+
 #[cfg(ossl110)]
 #[test]
 fn other_name_as_subject_alternative_name() {
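Review bot: `test_store_all_certificates` asserts only the length of the returned stack, so it would still pass if the wrapper returned a different certificate or mis-handled ownership of the elements. Saving the encoding before the certificate is moved into the builder, `let der = cert.to_der().unwrap();`, and then checking `assert_eq!(store.all_certificates().iter().next().unwrap().to_der().unwrap(), der);` would pin the content. Dropping the returned stack and querying the store a second time would also exercise the caller-owned (`get1`) semantics. A case on a store built with no certificates would document what the empty case returns.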