diff --git a/crypto/asn1/x_x509a.c b/crypto/asn1/x_x509a.c
index 0c9aa4fd0c..40f50514b6 100644
--- a/crypto/asn1/x_x509a.c
+++ b/crypto/asn1/x_x509a.c
@@ -172,3 +172,9 @@ void X509_reject_clear(X509 *x)
 	}
 }
 
+ASN1_SEQUENCE(X509_CERT_PAIR) = {
+	ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0),
+	ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1)
+} ASN1_SEQUENCE_END(X509_CERT_PAIR);
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR)
diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
index 5be8d6a957..02dd9f2b67 100644
--- a/crypto/pem/pem.h
+++ b/crypto/pem/pem.h
@@ -113,6 +113,7 @@ extern "C" {
 
 #define PEM_STRING_X509_OLD	"X509 CERTIFICATE"
 #define PEM_STRING_X509		"CERTIFICATE"
+#define PEM_STRING_X509_PAIR	"CERTIFICATE PAIR"
 #define PEM_STRING_X509_TRUSTED	"TRUSTED CERTIFICATE"
 #define PEM_STRING_X509_REQ_OLD	"NEW CERTIFICATE REQUEST"
 #define PEM_STRING_X509_REQ	"CERTIFICATE REQUEST"
@@ -548,6 +549,8 @@ DECLARE_PEM_rw(X509, X509)
 
 DECLARE_PEM_rw(X509_AUX, X509)
 
+DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
+
 DECLARE_PEM_rw(X509_REQ, X509_REQ)
 DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
 
diff --git a/crypto/pem/pem_xaux.c b/crypto/pem/pem_xaux.c
index 2f579b5421..63ce660cf1 100644
--- a/crypto/pem/pem_xaux.c
+++ b/crypto/pem/pem_xaux.c
@@ -66,3 +66,4 @@
 #include <openssl/pem.h>
 
 IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
+IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, X509_CERT_PAIR)
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 39a9c4c0ab..f1ccc0f041 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -306,6 +306,11 @@ typedef struct x509_trust_st {
 
 DECLARE_STACK_OF(X509_TRUST)
 
+typedef struct x509_cert_pair_st {
+	X509 *forward;
+	X509 *reverse;
+} X509_CERT_PAIR;
+
 /* standard trust ids */
 
 #define X509_TRUST_DEFAULT	-1	/* Only valid in purpose settings */
@@ -920,6 +925,8 @@ DECLARE_ASN1_FUNCTIONS(X509_CINF)
 DECLARE_ASN1_FUNCTIONS(X509)
 DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
 
+DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR)
+
 int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int X509_set_ex_data(X509 *r, int idx, void *arg);