From 86e412dc184b462f3ec59061bc3cba9907ea069c Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Wed, 2 Dec 2015 19:34:58 -0500
Subject: [PATCH] Add client cert support to bssl client.

Handy to test servers with misbehaving client auth.

Change-Id: I93f7b77c35e223761edade648bc03d1f97ed82fd
Reviewed-on: https://boringssl-review.googlesource.com/6614
Reviewed-by: Adam Langley
---
 tool/client.cc | 16 ++++++++++++++++
 tool/server.cc | 4 ++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/tool/client.cc b/tool/client.cc
index c09f4576..dbec1846 100644
--- a/tool/client.cc
+++ b/tool/client.cc
@@ -81,6 +81,10 @@ static const struct argument kArguments[] = {
 { "-session-out", kOptionalArgument, "A file to write the negotiated session to.", },
+ {
+ "-key", kOptionalArgument,
+ "Private-key file to use (default is no client certificate)",
+ },
 { "", kOptionalArgument, "", },
@@ -236,6 +240,18 @@ bool Client(const std::vector &args) {
 SSL_CTX_set_mode(ctx.get(), SSL_MODE_ENABLE_FALSE_START);
 }

+ if (args_map.count("-key") != 0) {
+ const std::string &key = args_map["-key"];
+ if (!SSL_CTX_use_PrivateKey_file(ctx.get(), key.c_str(), SSL_FILETYPE_PEM)) {
+ fprintf(stderr, "Failed to load private key: %s\n", key.c_str());
+ return false;
+ }
+ if (!SSL_CTX_use_certificate_chain_file(ctx.get(), key.c_str())) {
+ fprintf(stderr, "Failed to load cert chain: %s\n", key.c_str());
+ return false;
+ }
+ }
+
 int sock = -1;
 if (!Connect(&sock, args_map["-connect"])) {
 return false;
diff --git a/tool/server.cc b/tool/server.cc
index abc71cfd..14f37a44 100644
--- a/tool/server.cc
+++ b/tool/server.cc
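Review bot: The help string added for `-key` in the kArguments hunk of tool/client.cc describes only a private-key file, but the Client() hunk of the same file passes that path to SSL_CTX_use_certificate_chain_file as well, so the file must also hold the certificate chain. I would say so in the string, e.g. `"PEM file with the private key and certificate chain to use (default is no client certificate)",`. The kArguments array starts and ends outside the hunk.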
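Review bot: In the Client() hunk of tool/client.cc, nothing after the two loads in the `-key` block confirms that the private key belongs to the leaf certificate read from the same file, so a mismatched file is noticed, if at all, only during the handshake. Some libssl implementations discard a key that does not match a later-loaded certificate without reporting an error; whether this one does is not visible here. I would add `if (!SSL_CTX_check_private_key(ctx.get())) {` after the chain load, with its own stderr message and `return false;`. The Server() hunk in tool/server.cc runs the same load sequence and would benefit from the same check. Client()'s body starts and ends outside the hunk.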
@@ -103,11 +103,11 @@ bool Server(const std::vector &args) {
 if (args_map.count("-key") != 0) {
 key_file = args_map["-key"];
 }
- if (SSL_CTX_use_PrivateKey_file(ctx, key_file.c_str(), SSL_FILETYPE_PEM) <= 0) {
+ if (!SSL_CTX_use_PrivateKey_file(ctx, key_file.c_str(), SSL_FILETYPE_PEM)) {
 fprintf(stderr, "Failed to load private key: %s\n", key_file.c_str());
 return false;
 }
- if (SSL_CTX_use_certificate_chain_file(ctx, key_file.c_str()) != 1) {
+ if (!SSL_CTX_use_certificate_chain_file(ctx, key_file.c_str())) {
 fprintf(stderr, "Failed to load cert chain: %s\n", key_file.c_str());
 return false;
 }
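Review bot: The two rewritten conditions in Server() now treat every non-zero return as success, whereas the removed `<= 0` and `!= 1` forms also rejected a negative or otherwise unexpected value. That is safe only if both load functions are guaranteed to return exactly 0 or 1, which the hunk does not show. A short comment above the first check, such as `// Both loaders return one on success and zero on failure.`, would record the assumption the `!` tests rely on. Server()'s body starts and ends outside the hunk.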