Allow specifying certificate and key in separate files.

Our test certificate files in ssl/test/runner (which I often use out of laziness) are not specified in a way compatible with the bssl tool. Change-Id: I216d9555242e6d4be75b8172579186398b862394 Reviewed-on: https://boringssl-review.googlesource.com/14826 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
2017-04-09 09:52:47 -04:00 · 2017-04-09 09:52:47 -04:00 · cb3af3e9c1
commit cb3af3e9c1
parent a53344972b
2 changed files with 29 additions and 12 deletions
--- a/tool/client.cc
+++ b/tool/client.cc
@ -90,7 +90,13 @@ static const struct argument kArguments[] = {
    },
    {
        "-key", kOptionalArgument,
-        "Private-key file to use (default is no client certificate)",
+        "PEM-encoded file containing the private key.",
+    },
+    {
+        "-cert", kOptionalArgument,
+        "PEM-encoded file containing the leaf certificate and optional "
+        "certificate chain. This is taken from the -key argument if this "
+        "argument is not provided.",
    },
    {
        "-starttls", kOptionalArgument,
@ -376,12 +382,15 @@ bool Client(const std::vector<std::string> &args) {

  if (args_map.count("-key") != 0) {
    const std::string &key = args_map["-key"];
-    if (!SSL_CTX_use_PrivateKey_file(ctx.get(), key.c_str(), SSL_FILETYPE_PEM)) {
+    if (!SSL_CTX_use_PrivateKey_file(ctx.get(), key.c_str(),
+                                     SSL_FILETYPE_PEM)) {
      fprintf(stderr, "Failed to load private key: %s\n", key.c_str());
      return false;
    }
-    if (!SSL_CTX_use_certificate_chain_file(ctx.get(), key.c_str())) {
-      fprintf(stderr, "Failed to load cert chain: %s\n", key.c_str());
+    const std::string &cert =
+        args_map.count("-cert") != 0 ? args_map["-cert"] : key;
+    if (!SSL_CTX_use_certificate_chain_file(ctx.get(), cert.c_str())) {
+      fprintf(stderr, "Failed to load cert chain: %s\n", cert.c_str());
      return false;
    }
  }
--- a/tool/server.cc
+++ b/tool/server.cc
@ -44,9 +44,14 @@ static const struct argument kArguments[] = {
    },
    {
        "-key", kOptionalArgument,
-        "PEM-encoded file containing the private key, leaf certificate and "
-        "optional certificate chain. A self-signed certificate is generated "
-        "at runtime if this argument is not provided.",
+        "PEM-encoded file containing the private key. A self-signed "
+        "certificate is generated at runtime if this argument is not provided.",
+    },
+    {
+        "-cert", kOptionalArgument,
+        "PEM-encoded file containing the leaf certificate and optional "
+        "certificate chain. This is taken from the -key argument if this "
+        "argument is not provided.",
    },
    {
        "-ocsp-response", kOptionalArgument, "OCSP response file to send",
@ -147,13 +152,16 @@ bool Server(const std::vector<std::string> &args) {

  // Server authentication is required.
  if (args_map.count("-key") != 0) {
-    std::string key_file = args_map["-key"];
-    if (!SSL_CTX_use_PrivateKey_file(ctx.get(), key_file.c_str(), SSL_FILETYPE_PEM)) {
-      fprintf(stderr, "Failed to load private key: %s\n", key_file.c_str());
+    std::string key = args_map["-key"];
+    if (!SSL_CTX_use_PrivateKey_file(ctx.get(), key.c_str(),
+                                     SSL_FILETYPE_PEM)) {
+      fprintf(stderr, "Failed to load private key: %s\n", key.c_str());
      return false;
    }
-    if (!SSL_CTX_use_certificate_chain_file(ctx.get(), key_file.c_str())) {
-      fprintf(stderr, "Failed to load cert chain: %s\n", key_file.c_str());
+    const std::string &cert =
+        args_map.count("-cert") != 0 ? args_map["-cert"] : key;
+    if (!SSL_CTX_use_certificate_chain_file(ctx.get(), cert.c_str())) {
+      fprintf(stderr, "Failed to load cert chain: %s\n", cert.c_str());
      return false;
    }
  } else {