From cb3af3e9c1ddf69d3f96f9f59d57e8e4375a7e78 Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Sun, 9 Apr 2017 09:52:47 -0400
Subject: [PATCH] Allow specifying certificate and key in separate files.

Our test certificate files in ssl/test/runner (which I often use out of laziness) are not specified in a way compatible with the bssl tool.

Change-Id: I216d9555242e6d4be75b8172579186398b862394
Reviewed-on: https://boringssl-review.googlesource.com/14826
Commit-Queue: David Benjamin
Reviewed-by: Adam Langley
---
 tool/client.cc | 17 +++++++++++++----
 tool/server.cc | 24 ++++++++++++++++--------
 2 files changed, 29 insertions(+), 12 deletions(-)

diff --git a/tool/client.cc b/tool/client.cc
index 319b5571..2c8b5147 100644
--- a/tool/client.cc
+++ b/tool/client.cc
@@ -90,7 +90,13 @@ static const struct argument kArguments[] = {
   },
   {
     "-key", kOptionalArgument,
-    "Private-key file to use (default is no client certificate)",
+    "PEM-encoded file containing the private key.",
+  },
+  {
+    "-cert", kOptionalArgument,
+    "PEM-encoded file containing the leaf certificate and optional "
+    "certificate chain. This is taken from the -key argument if this "
+    "argument is not provided.",
   },
   {
     "-starttls", kOptionalArgument,
@@ -376,12 +382,15 @@ bool Client(const std::vector &args) {
 
   if (args_map.count("-key") != 0) {
     const std::string &key = args_map["-key"];
-    if (!SSL_CTX_use_PrivateKey_file(ctx.get(), key.c_str(), SSL_FILETYPE_PEM)) {
+    if (!SSL_CTX_use_PrivateKey_file(ctx.get(), key.c_str(),
+                                     SSL_FILETYPE_PEM)) {
       fprintf(stderr, "Failed to load private key: %s\n", key.c_str());
       return false;
     }
-    if (!SSL_CTX_use_certificate_chain_file(ctx.get(), key.c_str())) {
-      fprintf(stderr, "Failed to load cert chain: %s\n", key.c_str());
+    const std::string &cert =
+        args_map.count("-cert") != 0 ? args_map["-cert"] : key;
+    if (!SSL_CTX_use_certificate_chain_file(ctx.get(), cert.c_str())) {
+      fprintf(stderr, "Failed to load cert chain: %s\n", cert.c_str());
       return false;
     }
   }
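Review bot: In the Client hunk at -376, a `-cert` given without `-key` is silently ignored, because the whole loading block is still gated on `args_map.count("-key") != 0`, so the named certificate is never loaded and nothing is printed; the Server hunk at -147 has the same gap, and there the tool proceeds with the runtime self-signed certificate described in the `-key` help text instead of the one the user asked for. A guard before that block in both files makes the misuse visible: `if (args_map.count("-cert") != 0 && args_map.count("-key") == 0) { fprintf(stderr, "-cert requires -key\n"); return false; }`. Neither path verifies that the loaded key matches the loaded certificate, so a mismatched pair of files only fails later at handshake time; a `SSL_CTX_check_private_key(ctx.get())` call after the chain is loaded, with its own "key does not match certificate" message naming `cert`, gives an immediate diagnosis. Client() begins and ends outside the hunk.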
diff --git a/tool/server.cc b/tool/server.cc
index 13c78259..ae039059 100644
--- a/tool/server.cc
+++ b/tool/server.cc
@@ -44,9 +44,14 @@ static const struct argument kArguments[] = {
   },
   {
     "-key", kOptionalArgument,
-    "PEM-encoded file containing the private key, leaf certificate and "
-    "optional certificate chain. A self-signed certificate is generated "
-    "at runtime if this argument is not provided.",
+    "PEM-encoded file containing the private key. A self-signed "
+    "certificate is generated at runtime if this argument is not provided.",
+  },
+  {
+    "-cert", kOptionalArgument,
+    "PEM-encoded file containing the leaf certificate and optional "
+    "certificate chain. This is taken from the -key argument if this "
+    "argument is not provided.",
   },
   {
     "-ocsp-response", kOptionalArgument, "OCSP response file to send",
@@ -147,13 +152,16 @@ bool Server(const std::vector &args) {
 
   // Server authentication is required.
   if (args_map.count("-key") != 0) {
-    std::string key_file = args_map["-key"];
-    if (!SSL_CTX_use_PrivateKey_file(ctx.get(), key_file.c_str(), SSL_FILETYPE_PEM)) {
-      fprintf(stderr, "Failed to load private key: %s\n", key_file.c_str());
+    std::string key = args_map["-key"];
+    if (!SSL_CTX_use_PrivateKey_file(ctx.get(), key.c_str(),
+                                     SSL_FILETYPE_PEM)) {
+      fprintf(stderr, "Failed to load private key: %s\n", key.c_str());
       return false;
     }
-    if (!SSL_CTX_use_certificate_chain_file(ctx.get(), key_file.c_str())) {
-      fprintf(stderr, "Failed to load cert chain: %s\n", key_file.c_str());
+    const std::string &cert =
+        args_map.count("-cert") != 0 ? args_map["-cert"] : key;
+    if (!SSL_CTX_use_certificate_chain_file(ctx.get(), cert.c_str())) {
+      fprintf(stderr, "Failed to load cert chain: %s\n", cert.c_str());
       return false;
     }
   } else {
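Review bot: In the Server hunk at -147, `std::string key = args_map["-key"];` copies the map value, while the parallel line in client.cc in this same commit binds a reference; the two tools otherwise mirror each other line for line, so `const std::string &key = args_map["-key"];` here would keep them consistent and avoid the copy. The `cert` reference on the following line binds to either form without a lifetime change, since `key` outlives the block either way. Server() begins and ends outside the hunk.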