add -cert_chain option to s_client

apps/s_client.c

@@ -571,11 +571,12 @@ int MAIN(int argc, char **argv)
 	short port=PORT;
 	int full_log=1;
 	char *host=SSL_HOST_NAME;
-	char *cert_file=NULL,*key_file=NULL;
+	char *cert_file=NULL,*key_file=NULL,*chain_file=NULL;
 	int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
 	char *passarg = NULL, *pass = NULL;
 	X509 *cert = NULL;
 	EVP_PKEY *key = NULL;
+	STACK_OF(X509) *chain = NULL;
 	char *CApath=NULL,*CAfile=NULL;
 	char *chCApath=NULL,*chCAfile=NULL;
 	char *vfyCApath=NULL,*vfyCAfile=NULL;
@@ -900,6 +901,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passarg = *(++argv);
 			}
+		else if	(strcmp(*argv,"-cert_chain") == 0)
+			{
+			if (--argc < 1) goto bad;
+			chain_file= *(++argv);
+			}
 		else if	(strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -1124,6 +1130,14 @@ bad:
 			}
 		}
 
+	if (chain_file)
+		{
+		chain = load_certs(bio_err, chain_file,FORMAT_PEM,
+					NULL, e, "client certificate chain");
+		if (!chain)
+			goto end;
+		}
+
 	if (crl_file)
 		{
 		X509_CRL *crl;
@@ -1260,7 +1274,7 @@ bad:
 
 	ssl_ctx_add_crls(ctx, crls, crl_download);
 
-	if (!set_cert_key_stuff(ctx,cert,key, NULL, build_chain))
+	if (!set_cert_key_stuff(ctx,cert,key,chain,build_chain))
 		goto end;
 
 #ifndef OPENSSL_NO_TLSEXT
@@ -2007,6 +2021,8 @@ end:
 		sk_X509_CRL_pop_free(crls, X509_CRL_free);
 	if (key)
 		EVP_PKEY_free(key);
+	if (chain)
+		sk_X509_pop_free(chain, X509_free);
 	if (pass)
 		OPENSSL_free(pass);
 	if (vpm)