kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add a -require-any-client-cert flag to bssl server

Browse Source 
Useful for testing client cert stuff.

Change-Id: Ieb3cb02a685b22c18cfc50b44170221017889a57
Reviewed-on: https://boringssl-review.googlesource.com/22644
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
David Benjamin 2017-11-04 22:57:54 -04:00 committed by CQ bot account: commit-bot@chromium.org
parent fdd5fed036
commit 5b90eb98f6
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
tool/server.cc
View File

@ -79,6 +79,10 @@ static const struct argument kArguments[] = {
"-debug", kBooleanArgument, "-debug", kBooleanArgument,
"Print debug information about the handshake", "Print debug information about the handshake",
}, },
{
"-require-any-client-cert", kBooleanArgument,
"The server will require a client certificate.",
},
{ {
"", kOptionalArgument, "", "", kOptionalArgument, "",
}, },
@ -320,6 +324,14 @@ bool Server(const std::vector<std::string> &args) {
SSL_CTX_set_info_callback(ctx.get(), InfoCallback); SSL_CTX_set_info_callback(ctx.get(), InfoCallback);
} }
if (args_map.count("-require-any-client-cert") != 0) {
SSL_CTX_set_verify(
ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
SSL_CTX_set_cert_verify_callback(
ctx.get(), [](X509_STORE_CTX *store, void *arg) -> int { return 1; },
nullptr);
}
Listener listener; Listener listener;
if (!listener.Init(args_map["-accept"])) { if (!listener.Init(args_map["-accept"])) {
return false; return false;