Add a -require-any-client-cert flag to bssl server
Useful for testing client cert stuff.
Change-Id: Ieb3cb02a685b22c18cfc50b44170221017889a57
Reviewed-on: https://boringssl-review.googlesource.com/22644
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/tool/server.cc b/tool/server.cc
index b6ed284..0061cb3 100644
--- a/tool/server.cc
+++ b/tool/server.cc
@@ -80,6 +80,10 @@
"Print debug information about the handshake",
},
{
+ "-require-any-client-cert", kBooleanArgument,
+ "The server will require a client certificate.",
+ },
+ {
"", kOptionalArgument, "",
},
};
@@ -320,6 +324,14 @@
SSL_CTX_set_info_callback(ctx.get(), InfoCallback);
}
+ if (args_map.count("-require-any-client-cert") != 0) {
+ SSL_CTX_set_verify(
+ ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
+ SSL_CTX_set_cert_verify_callback(
+ ctx.get(), [](X509_STORE_CTX *store, void *arg) -> int { return 1; },
+ nullptr);
+ }
+
Listener listener;
if (!listener.Init(args_map["-accept"])) {
return false;
