Add client cert support to bssl client.

Handy to test servers with misbehaving client auth.

Change-Id: I93f7b77c35e223761edade648bc03d1f97ed82fd
Reviewed-on: https://boringssl-review.googlesource.com/6614
Reviewed-by: Adam Langley <agl@google.com>

tool/client.cc

@@ -81,6 +81,10 @@ static const struct argument kArguments[] = {
     { "-session-out", kOptionalArgument,
       "A file to write the negotiated session to.",
     },
+    {
+      "-key", kOptionalArgument,
+      "Private-key file to use (default is no client certificate)",
+    },
     {
      "", kOptionalArgument, "",
     },
@@ -236,6 +240,18 @@ bool Client(const std::vector<std::string> &args) {
     SSL_CTX_set_mode(ctx.get(), SSL_MODE_ENABLE_FALSE_START);
   }
 
+  if (args_map.count("-key") != 0) {
+    const std::string &key = args_map["-key"];
+    if (!SSL_CTX_use_PrivateKey_file(ctx.get(), key.c_str(), SSL_FILETYPE_PEM)) {
+      fprintf(stderr, "Failed to load private key: %s\n", key.c_str());
+      return false;
+    }
+    if (!SSL_CTX_use_certificate_chain_file(ctx.get(), key.c_str())) {
+      fprintf(stderr, "Failed to load cert chain: %s\n", key.c_str());
+      return false;
+    }
+  }
+
   int sock = -1;
   if (!Connect(&sock, args_map["-connect"])) {
     return false;

tool/server.cc

@@ -103,11 +103,11 @@ bool Server(const std::vector<std::string> &args) {
   if (args_map.count("-key") != 0) {
     key_file = args_map["-key"];
   }
-  if (SSL_CTX_use_PrivateKey_file(ctx, key_file.c_str(), SSL_FILETYPE_PEM) <= 0) {
+  if (!SSL_CTX_use_PrivateKey_file(ctx, key_file.c_str(), SSL_FILETYPE_PEM)) {
     fprintf(stderr, "Failed to load private key: %s\n", key_file.c_str());
     return false;
   }
-  if (SSL_CTX_use_certificate_chain_file(ctx, key_file.c_str()) != 1) {
+  if (!SSL_CTX_use_certificate_chain_file(ctx, key_file.c_str())) {
     fprintf(stderr, "Failed to load cert chain: %s\n", key_file.c_str());
     return false;
   }