Google Git
Sign in
boringssl / boringssl.git / cb3af3e9c1ddf69d3f96f9f59d57e8e4375a7e78^! / . / tool / server.cc
commitcb3af3e9c1ddf69d3f96f9f59d57e8e4375a7e78[log] [tgz]
authorDavid Benjamin <davidben@google.com>Sun Apr 09 09:52:47 2017 -0400
committerAdam Langley <agl@google.com>Tue Apr 11 18:40:12 2017 +0000
tree8609e59850b25b81d2141262fef0fed8ee26758d
parenta53344972babe33c09533d8dbeb76a3d7ba9b20a [diff] [blame]
Allow specifying certificate and key in separate files.

Our test certificate files in ssl/test/runner (which I often use out of
laziness) are not specified in a way compatible with the bssl tool.

Change-Id: I216d9555242e6d4be75b8172579186398b862394
Reviewed-on: https://boringssl-review.googlesource.com/14826
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/tool/server.cc b/tool/server.cc
index 13c7825..ae03905 100644
--- a/tool/server.cc
+++ b/tool/server.cc

@@ -44,9 +44,14 @@
     },
     {
         "-key", kOptionalArgument,
-        "PEM-encoded file containing the private key, leaf certificate and "
-        "optional certificate chain. A self-signed certificate is generated "
-        "at runtime if this argument is not provided.",
+        "PEM-encoded file containing the private key. A self-signed "
+        "certificate is generated at runtime if this argument is not provided.",
+    },
+    {
+        "-cert", kOptionalArgument,
+        "PEM-encoded file containing the leaf certificate and optional "
+        "certificate chain. This is taken from the -key argument if this "
+        "argument is not provided.",
     },
     {
         "-ocsp-response", kOptionalArgument, "OCSP response file to send",
@@ -147,13 +152,16 @@
 
   // Server authentication is required.
   if (args_map.count("-key") != 0) {
-    std::string key_file = args_map["-key"];
-    if (!SSL_CTX_use_PrivateKey_file(ctx.get(), key_file.c_str(), SSL_FILETYPE_PEM)) {
-      fprintf(stderr, "Failed to load private key: %s\n", key_file.c_str());
+    std::string key = args_map["-key"];
+    if (!SSL_CTX_use_PrivateKey_file(ctx.get(), key.c_str(),
+                                     SSL_FILETYPE_PEM)) {
+      fprintf(stderr, "Failed to load private key: %s\n", key.c_str());
       return false;
     }
-    if (!SSL_CTX_use_certificate_chain_file(ctx.get(), key_file.c_str())) {
-      fprintf(stderr, "Failed to load cert chain: %s\n", key_file.c_str());
+    const std::string &cert =
+        args_map.count("-cert") != 0 ? args_map["-cert"] : key;
+    if (!SSL_CTX_use_certificate_chain_file(ctx.get(), cert.c_str())) {
+      fprintf(stderr, "Failed to load cert chain: %s\n", cert.c_str());
       return false;
     }
   } else {