Add tests for the server accepting client certificates.

Change-Id: I9acc4363c6b9804d5fe464053393cf16ffb7785c
Reviewed-on: https://boringssl-review.googlesource.com/1159
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 72be47e..9dd0edf 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -64,6 +64,10 @@
   return 1;
 }
 
+int skip_verify(int preverify_ok, X509_STORE_CTX *store_ctx) {
+  return 1;
+}
+
 SSL *setup_test(int is_server) {
   if (!SSL_library_init()) {
     return NULL;
@@ -181,6 +185,9 @@
       }
       // Conveniently, 00 is not a certificate type.
       expected_certificate_types = argv[i];
+    } else if (strcmp(argv[i], "-require-any-client-certificate") == 0) {
+      SSL_set_verify(ssl, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+                     skip_verify);
     } else {
       fprintf(stderr, "Unknown argument: %s\n", argv[i]);
       return 1;
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 3d3e538..0e22623 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -536,7 +536,7 @@
 
 		testCases = append(testCases, testCase{
 			testType: clientTest,
-			name:     ver.name + "-ClientAuth-RSA",
+			name:     ver.name + "-Client-ClientAuth-RSA",
 			config: Config{
 				MinVersion:   ver.version,
 				MaxVersion:   ver.version,
@@ -550,7 +550,7 @@
 		})
 		testCases = append(testCases, testCase{
 			testType: clientTest,
-			name:     ver.name + "-ClientAuth-ECDSA",
+			name:     ver.name + "-Client-ClientAuth-ECDSA",
 			config: Config{
 				MinVersion:   ver.version,
 				MaxVersion:   ver.version,
@@ -562,6 +562,22 @@
 				"-key-file", ecdsaKeyFile,
 			},
 		})
+		testCases = append(testCases, testCase{
+			testType: serverTest,
+			name:     ver.name + "-Server-ClientAuth-RSA",
+			config: Config{
+				Certificates: []Certificate{rsaCertificate},
+			},
+			flags: []string{"-require-any-client-certificate"},
+		})
+		testCases = append(testCases, testCase{
+			testType: serverTest,
+			name:     ver.name + "-Server-ClientAuth-ECDSA",
+			config: Config{
+				Certificates: []Certificate{ecdsaCertificate},
+			},
+			flags: []string{"-require-any-client-certificate"},
+		})
 	}
 }