Add client cert support to bssl client.
Handy to test servers with misbehaving client auth.
Change-Id: I93f7b77c35e223761edade648bc03d1f97ed82fd
Reviewed-on: https://boringssl-review.googlesource.com/6614
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/tool/client.cc b/tool/client.cc
index c09f457..dbec184 100644
--- a/tool/client.cc
+++ b/tool/client.cc
@@ -82,6 +82,10 @@
"A file to write the negotiated session to.",
},
{
+ "-key", kOptionalArgument,
+ "Private-key file to use (default is no client certificate)",
+ },
+ {
"", kOptionalArgument, "",
},
};
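Review bot: The help text for `-key` describes only a private-key file, but the second client.cc hunk in this commit loads the certificate chain from the same path, so a key-only PEM will fail at the cert-chain step with no hint from the usage output. I would word the entry as `"PEM file containing the private key and certificate chain (default is no client certificate)",` so the single-file requirement is visible. The options array begins and ends outside this hunk, so I have not checked how the neighbouring entries are worded.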
@@ -236,6 +240,18 @@
SSL_CTX_set_mode(ctx.get(), SSL_MODE_ENABLE_FALSE_START);
}
+ if (args_map.count("-key") != 0) {
+ const std::string &key = args_map["-key"];
+ if (!SSL_CTX_use_PrivateKey_file(ctx.get(), key.c_str(), SSL_FILETYPE_PEM)) {
+ fprintf(stderr, "Failed to load private key: %s\n", key.c_str());
+ return false;
+ }
+ if (!SSL_CTX_use_certificate_chain_file(ctx.get(), key.c_str())) {
+ fprintf(stderr, "Failed to load cert chain: %s\n", key.c_str());
+ return false;
+ }
+ }
+
int sock = -1;
if (!Connect(&sock, args_map["-connect"])) {
return false;
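Review bot: Nothing in the new `-key` block confirms that the private key and the leaf certificate read from the same file actually belong together. Depending on the library version, a mismatch may be resolved silently when the certificate is installed rather than reported, which would leave the client running without the credential the user asked for. An explicit check after both loads makes that case visible: `if (!SSL_CTX_check_private_key(ctx.get())) { fprintf(stderr, "Key and certificate do not match: %s\n", key.c_str()); return false; }`. Separately, both failure messages here, and the two in the tool/server.cc hunk, print only the file name; adding `ERR_print_errors_fp(stderr);` before each `return false;` would show whether the cause was a missing file, a parse error or an unsupported key type. The enclosing function starts and ends outside this hunk.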
diff --git a/tool/server.cc b/tool/server.cc
index abc71cf..14f37a4 100644
--- a/tool/server.cc
+++ b/tool/server.cc
@@ -103,11 +103,11 @@
if (args_map.count("-key") != 0) {
key_file = args_map["-key"];
}
- if (SSL_CTX_use_PrivateKey_file(ctx, key_file.c_str(), SSL_FILETYPE_PEM) <= 0) {
+ if (!SSL_CTX_use_PrivateKey_file(ctx, key_file.c_str(), SSL_FILETYPE_PEM)) {
fprintf(stderr, "Failed to load private key: %s\n", key_file.c_str());
return false;
}
- if (SSL_CTX_use_certificate_chain_file(ctx, key_file.c_str()) != 1) {
+ if (!SSL_CTX_use_certificate_chain_file(ctx, key_file.c_str())) {
fprintf(stderr, "Failed to load cert chain: %s\n", key_file.c_str());
return false;
}